TechQA.

protect credential in strings.xml inside apk file

20 views Asked by At

When I decompile apk file of my app I see a lot of credential added by 3rd party libraries, and I believe its security issue:

<resources>
    <string name="default_web_client_id">123456.apps.googleusercontent.com</string>
    <string name="facebook_app_id">1234567890</string>
    <string name="facebook_client_token">12345678901234567890</string>
    <string name="fb_login_protocol_scheme">fb1234567890</string>
    <string name="firebase_database_url">https://work-ua-oauth.firebaseio.com</string>
    <string name="gcm_defaultSenderId">1234567890</string>
    <string name="google_api_key">12345678901234567890</string>
    <string name="google_app_id">1:1234567890:android:1234567890</string>
    <string name="google_crash_reporting_api_key">12345678901234567890</string>
    <string name="google_storage_bucket">my-app-ua-oauth.appspot.com</string>
</resources>

Is it ok to store it there? Is there any way to obfuscate them or move to another place?

android security obfuscation credentials android-obfuscation
Original Q&A
0

There are 0 answers

Related Questions in ANDROID

Related Questions in SECURITY

Related Questions in OBFUSCATION

Related Questions in CREDENTIALS

Related Questions in ANDROID-OBFUSCATION

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Trending Questions