Symmetric Keys
To keep our weather underground API key secure, we’ll need a place to hide it. In Chapter 5 we’ll discover how developers have tried to hide passwords with varying degrees of success, as follows:
1. Ask for the password each time.
2. Save it in cleartext in shared preferences.
3. Save it encrypted in shared preferences using a one-time key.
4. Save it encrypted in the shared preferences using a device-specific key.
5. Hide it in the NDK.
Many of these same techniques apply here, but because we don’t want to cover the same information twice, we won’t go into too much detail until Chapter 5.
There are a number of choices open to you on how you want to encrypt data on an Android phone, and many different cryptographic libraries are ...
Get Bulletproof Android™: Practical Advice for Building Secure Apps now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
