O'Reilly logo

Bulletproof Android™: Practical Advice for Building Secure Apps by Godfrey Nolan

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Asymmetric Keys

All symmetric encryption schemes rely on a single key, which can be very difficult to hide on the phone. If you’re hard coding your key in the code, someone will find it and your confidential data will be compromised. Far better to use an asymmetric encryption scheme where there is a public/private key pair, so we can put the public key on the phone and then decrypt it on the server using the hidden private key. There are several libraries out there that we can use, but why not use something provided by Google Security Team, namely Keyczar, which is available from http://keyczar.org.

In this example, we’re using Keyczar to create a public/private key to encrypt the API key so that it can be sent to the server to be decrypted. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required