Closed houmie closed 3 years ago
Hello @houmie, as said in the Readme, nothing is unbreakable. But a hacker should not be able to execute your code in an IDE with all keys set up inside.
If you are worried about your code accessibility in production, I encourage you to use obfuscation of your code provided by, for example, ProGuard.
Hi Ben,
Thank you for your reply. Yes, you are right. They can see the code after a disassembly but they won't be able to run it in an IDE like I would do. Hence it's important to hide the obvious tokens from plain sight, so that they can't read them to access the API.
I have one last question. Why is the name -PkeyName usually autogenerated, unless explicitly specified? If they can't read the key value, why does it matter that I named it ProductionToken or something unrecognisable?
Thanks, Houman
@houmie your code can be extracted and some values can be read. The key is random by default but you can provide the name you want. It is your choice.
To understand more about how this library works, you can decompile your APK file and see what hackers can see with apktool: https://ibotpeaches.github.io/Apktool/
Hey guys,
I'm doubting my approach, if my API token is protected by this plugin like this:
Couldn't the hacker that got his hands on the code via disassembly simply set a breakpoint there and read the token? How have I protected the token then? 🤔