Question:
Right now I have a very secret number in my client application. It lies in the resources, strings.xml, we urgently need to come up with something so that the picking hackers cannot find anything, or at least stop their atrocities 🙂 This number consists of 50 digits, it is transmitted to the server as a string as an API key. I came up with the following:
Create a static method that returns this number using simple operations. It will be necessary to make calls to other methods from different libraries, even modify the support libraries, and make large interlacings from one library to another. For even more complexity, let these libraries be written in C++.
Or is there a better solution? I've noticed somewhere that the app tool can't decompile boolean, something like 0 and 1 is obtained there, I don't remember exactly.
Basically, what can you think of? And then such manipulations every time you request a server will be lengthy, and if you receive it and store it in a variable at the start of the game, then there seem to be some utilities for viewing the Dalvik cells of the application's memory.
Answer:
It is generally accepted that everything that is in the client is revealed and can be faked.
If your scenario involves requests to the API of some third-party service, then either put up with the disclosure of the API key (after all, it is transmitted in requests in the clear and can be removed with a sniffer), or, alternatively, proxy requests to the service through your proxies, appending the API key on the fly.
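
The proxy option from the answer above, as an added example that is not part of the original post: a small server-side relay that attaches the key itself, so the key never ships in the app. The upstream URL, the `X-Api-Key` header name, the route allow-list and the `UPSTREAM_API_KEY` environment variable are assumptions made for illustration.

```python
import os
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumptions (not from the post): upstream URL, header name, route allow-list.
UPSTREAM = "https://api.example.com"
KEY_HEADER = "X-Api-Key"
ALLOWED_PREFIXES = ("/v1/scores", "/v1/profile")
# Client headers that are never copied onto the upstream request.
DROP = {KEY_HEADER.lower(), "host", "authorization", "cookie", "connection", "content-length"}


def build_upstream_request(method, path, client_headers, body, api_key):
    """Return the Request to send upstream, or None if the path is not allowed."""
    if not path.startswith(ALLOWED_PREFIXES) or ".." in path:
        return None
    headers = {k: v for k, v in client_headers.items() if k.lower() not in DROP}
    headers[KEY_HEADER] = api_key  # the key is attached here, server-side only
    return urllib.request.Request(UPSTREAM + path, data=body or None,
                                  headers=headers, method=method)


class Proxy(BaseHTTPRequestHandler):
    def _forward(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else b""
        # The key lives in the server's environment, never in the APK.
        req = build_upstream_request(self.command, self.path, dict(self.headers),
                                     body, os.environ["UPSTREAM_API_KEY"])
        if req is None:
            self.send_error(404)
            return
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                status, payload = resp.status, resp.read()
        except urllib.error.HTTPError as e:
            status, payload = e.code, e.read()
        except urllib.error.URLError:
            status, payload = 502, b"upstream unavailable"
        self.send_response(status)
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    do_GET = do_POST = _forward


if __name__ == "__main__":
    ThreadingHTTPServer(("127.0.0.1", 8080), Proxy).serve_forever()
```

The relay only keeps the key off the device; it still needs its own per-user authentication and rate limiting, otherwise anyone who finds it can call the upstream service through it.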