how to hide CRYPT_KEY

[Souras]

Hi I implemented this successfully. But when I decompile my apps than I found key in com/tkyaji/cordova/DecryptResource.java just like

public class DecryptResource extends CordovaPlugin { private static final String CRYPT_IV = "2f4p6XIsww3+5kBG"; private static final String CRYPT_KEY = "TA5GpZAipc1ReX5BEZEd9FnQTVB7Zp6w"; private static final String[] EXCLUDE_FILES; private static final String[] INCLUDE_FILES; private static final String TAG = "DecryptResource";

what should I do to hide key also.

[sdkcarlos]

@Souras i've already tried a lot of things but one way or another the answer is always the same, it is impossible (read more about here).

Using tools like jadx makes easy to decompile the APK and read the content. You can try to use ProGuard for your APK which should make the code "not easy" (obfuscate) to read and should slow down the reverse engineering process. However i tried and the code (although not is the same as the original) still readable:

[trandangninh]

@Souras Did you try to decrypt codes with that key ? I cant, so I assume, to decrypt codes, you need that key and do something to have a 'real' one

[akash-pal]

@trandangninh how did you try? Can you share the process?

[sayajik]

Keys are easily find in java file. How can hide these keys in android project?

[akash-pal]

@sayajik there doesn't seem a way currently in this plugin to hide the keys. in addition to this plugin only supported uiwebview , for ios the default is wkwebview.

[justclickk]

The plugin is not working on Android API 8 level 26. Compatibility stops at API 6 level 23.

With the requirements from google on target api which must be 8/26 from August. I have began testing this plugins with the latest api but not working.

Anyone on same page with me here? Developer should quickly do something. Tgis plugin has help a long way.

Thanks