Answer the question
In order to leave comments, you need to log in
S
S
Sergey Semenko2016-07-02 00:36:54
Sergey Semenko, 2016-07-02 00:36:54
How to store a key on an Android device?
I do authorization in the application via SMS. SMS is sent through the server (a request is sent to the server, and then a request is sent from the server to send SMS). Now closer to the point - anyone can send a request to the server, which means that some bad person can send a bunch of requests with different numbers and SMS will be sent to all these numbers, for which I will need to pay. I decided to use the good old method: create a hash from the number + key (secret string, key fingerprint or something else) and pass the number and hash in the request, but do a check on the server, but how to store this key on the device?
PS Most likely this method is not very good, so I ask you to kick in the right direction.
1 answer(s)
@artemgapchenko
A
Artem Gapchenko, 2016-07-07 @artemgapchenko
Here's a nice video on Android security from one of Redmadrobot's employees. In short, this task is unsolvable on the device side, no matter what you do, all this can be disassembled and broken in the right direction (there are options to complicate the task of extracting the necessary key from apk, but only to complicate it - it is impossible to make it impossible).
Accordingly, as already mentioned in the comments, decide only together with the server.
Similar questions
A
N
R
M
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question