secret key security - Githubissues

aditcodes / socialauth-android

Automatically exported from code.google.com/p/socialauth-android

0 stars 0 forks source link

secret key security #32

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. implement one of the sample apps
2. root the phone
3. extract the assets and thus the secret keys

Please provide any additional information below.

Is there any way to protect the assets / secret keys?

Original issue reported on code.google.com by st...@n9oh.com on 6 Feb 2013 at 7:23

GoogleCodeExporter commented 9 years ago

Hi Steve,

Rooting can provides source code too. This is currently not in our scope. But 
we would love if people want to contribute.

Original comment by vineet.a...@3pillarglobal.com on 12 Feb 2013 at 6:15

Changed state: Done

GoogleCodeExporter commented 9 years ago

Original comment by vineet.a...@3pillarglobal.com on 12 Feb 2013 at 6:16

Changed state: WontFix
Added labels: Type-Enhancement
Removed labels: Type-Defect

GoogleCodeExporter commented 9 years ago

Is there a way to specify the key in source code rather than in the assets 
file?  Then you could at least obfuscate the code to hide it.

Original comment by st...@n9oh.com on 12 Feb 2013 at 1:02

GoogleCodeExporter commented 9 years ago

we have added the fix in socialauth android 2.5 using addConfig method

Original comment by vineet.a...@3pillarglobal.com on 14 Jun 2013 at 1:53

Changed state: Fixed