Mike Taylor
- Forum posts: 2
Aug 16, 2013, 10:40:00 AM via Website
Aug 16, 2013 10:40:00 AM via Website
Hi
I am trying to assess what security precautions I need to put in place to secure my app from a determined assault.
What I would like to know is it feasible that given physical access to a device (thats not rooted), could someone could access the internal storage to get access to shared prefs and the .apk file.
Having got the .apk file, I understand it's relatively easy to reverse engineer it and then gain access to API keys, server path and port? If the app is obfuscated, what that help ?
Even if the data is encrypted, the key used to decrypt the data would be in the app right? So what's best practise to ensure that if the phone falls into the wrong hands, we don't give up all our closely guarded secrets?
Thank you in advance.
Mike
I am trying to assess what security precautions I need to put in place to secure my app from a determined assault.
What I would like to know is it feasible that given physical access to a device (thats not rooted), could someone could access the internal storage to get access to shared prefs and the .apk file.
Having got the .apk file, I understand it's relatively easy to reverse engineer it and then gain access to API keys, server path and port? If the app is obfuscated, what that help ?
Even if the data is encrypted, the key used to decrypt the data would be in the app right? So what's best practise to ensure that if the phone falls into the wrong hands, we don't give up all our closely guarded secrets?
Thank you in advance.
Mike
Recommended editorial content
With your consent, external content is loaded here.
By clicking on the button above, you agree that external content may be displayed to you. Personal data may be transmitted to third-party providers in the process. You can find more information about this in our Privacy Policy.