Asymmetric Keys

All symmetric encryption schemes rely on a single key, which can be very difficult to hide on the phone. If you’re hard-coding your key in the code, someone will find it and your confidential data will be compromised. It is far better to use an asymmetric encryption scheme with a public/private key pair: the public key goes on the phone, where it is used to encrypt the data, and the ciphertext is decrypted on the server using the hidden private key. There are several libraries we can use, but why not use something provided by the Google Security Team, namely Keyczar, which is available from http://keyczar.org.

In this example, we’re using Keyczar to create a public/private key pair to encrypt the API key so that it can be sent to the server to be decrypted. ...
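
The split described above (public key on the phone, private key only on the server), as an added example that is not the book's Keyczar code: it swaps in RSA-OAEP from the standard `javax.crypto` API in place of Keyczar. The class name, method names and the sample API key are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class ApiKeyEnvelope {
    static final String TRANSFORM = "RSA/ECB/OAEPPadding";
    // Pin the hash and MGF explicitly so the phone's and server's providers agree.
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);

    // Client side: only the X.509-encoded public key ships inside the app.
    static byte[] encryptOnPhone(byte[] publicKeyDer, String apiKey) throws Exception {
        PublicKey pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(publicKeyDer));
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, pub, OAEP);
        return c.doFinal(apiKey.getBytes(StandardCharsets.UTF_8));
    }

    // Server side: the private key never leaves the server.
    static String decryptOnServer(PrivateKey priv, byte[] ciphertext) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, priv, OAEP);
        return new String(c.doFinal(ciphertext), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair serverKeys = gen.generateKeyPair();           // generated once, on the server
        byte[] shippedPublicKey = serverKeys.getPublic().getEncoded();

        String apiKey = "EXAMPLE-API-KEY-0000";               // constructed sample value
        byte[] ct1 = encryptOnPhone(shippedPublicKey, apiKey);
        byte[] ct2 = encryptOnPhone(shippedPublicKey, apiKey);

        System.out.println("ciphertext bytes: " + ct1.length);
        System.out.println("randomized: " + !Arrays.equals(ct1, ct2));
        System.out.println("round trip ok: " + apiKey.equals(decryptOnServer(serverKeys.getPrivate(), ct1)));
    }
}
```

Extracting the public key from the app only lets someone produce new ciphertexts; reading one back requires the private key held on the server.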

Get Bulletproof Android™: Practical Advice for Building Secure Apps now with the O’Reilly learning platform.
