如何保护 Android 应用程序中的字符串? [英] How to secure string in Android Application?
问题描述
如何在 Android 应用程序中保护字符串?
How to secure string in Android Application ?
ProGuard: 它不保护字符串?proguard 是否可以混淆静态字符串常量?
加密字符串: 用于加密我需要在某个地方存储加密密钥(字符串),这也是同样的问题,如何保护加密密钥.
Encrypt String: for Encryption I need to store encryption key (string) some where and again it's same issue, how to secure encryption key.
从网络服务获取字符串:但是这个解决方案对我不起作用,因为应用没有互联网要求/访问,这是要求/业务决策.
Fetch string from web service: But this solution will not work for me, as app don't have internet requirement/access that's requirement/business decision.
NDK: 编写包含字符串的 c 文件并使用 JNI 返回但我发现 Hex-Ray 反编译来反编译 *.so 文件https://www.hex-rays.com/index.shtml
NDK: write c file which contain string and return using JNI but I found Hex-Ray decompile to decompile *.so file https://www.hex-rays.com/index.shtml
=================================================
================================================
C 中的函数
jstring Java_com_abc_xyz_getString(JNIEnv* env, jobject javaThis) {
return (*env)->NewStringUTF(env, "Hello String");
}
======================================
====================================
请建议在 Android SDK/NDK 中保护字符串的最佳选项.
Please suggest a best option to secure string in Android SDK/NDK.
推荐答案
密钥保护和分发是密码学中的大漏洞.它必须在您需要解密数据时可用.
Key protection and distribution is the big hole in cryptography. It has to be somewhere available at the time you need to decrypt the data.
因此,如果您的字符串是由使用设备的人输入的,您可以使用设备序列号/IMEI#/etc 作为密钥.有点安全,但逆向工程并不难.这将允许在无需用户输入密码的情况下在本地解密数据,但不允许以加密方式分发数据.
So, if your string is entered by someone using the device, you could use the devices serial#/IMEI#/etc as the key. Somewhat secure, but not that difficult to reverse engineer. That would allow for the data to be decrypted locally without the user putting in a password, but would not allow the data to be distributed encrypted.
如果您尝试使用应用程序分发加密数据,正如您所发现的,密钥必须是设备本地的某个人.没有与外界的通信链接,唯一的选择是在设备中或与应用程序用户.
If you are trying to distribute encrypted data with the application, as you have discovered, the keys must be someone local to the device. Without a communications link to the outside world, the only choices are in the device or with the applications user.
如果您能给我们提供预期的工作流程,您可能会得到更多有用的建议?
Perhaps if you could give us the intended workflow, you could get more useful suggestions?
这篇关于如何保护 Android 应用程序中的字符串?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
