ishpreetsingh / socialauth-android

Automatically exported from code.google.com/p/socialauth-android
0 stars 0 forks source link

secret key security #32

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. implement one of the sample apps
2. root the phone
3. extract the assets and thus the secret keys

Please provide any additional information below.

Is there any way to protect the assets / secret keys?

Original issue reported on code.google.com by st...@n9oh.com on 6 Feb 2013 at 7:23

GoogleCodeExporter commented 8 years ago
Hi Steve,

Rooting can provides source code too. This is currently not in our scope. But 
we would love if people want to contribute.

Original comment by vineet.a...@3pillarglobal.com on 12 Feb 2013 at 6:15

GoogleCodeExporter commented 8 years ago

Original comment by vineet.a...@3pillarglobal.com on 12 Feb 2013 at 6:16

GoogleCodeExporter commented 8 years ago
Is there a way to specify the key in source code rather than in the assets 
file?  Then you could at least obfuscate the code to hide it.

Original comment by st...@n9oh.com on 12 Feb 2013 at 1:02

GoogleCodeExporter commented 8 years ago
we have added the fix in socialauth android 2.5 using addConfig method

Original comment by vineet.a...@3pillarglobal.com on 14 Jun 2013 at 1:53