In the Code

We can see from the SQLCipher code example earlier in Figure 5-8 that we can’t simply hard-code our key in the SQLCipher class, because someone is going to find it when they decompile your APK. If we create a security scale showing level of difficulty—from 1 to 10, where 1 is your kid brother and 10 is a foreign government—then decompiling an APK to reverse engineer the code sits at roughly 1 or 2 on that scale.

A couple of years ago, using a single security key for everyone’s app was common practice in Android development. More recently, developers have moved to generating the key and making it device-specific using the device’s attributes, such as device_id, android_id, and any number of phone-specific attributes such ...
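To make the two patterns concrete, here is an added example (not code from the book or from the SQLCipher project) that opens a SQLCipher database first with a hard-coded passphrase and then with a passphrase derived at runtime from a device attribute, as the paragraph above describes. It assumes the SQLCipher for Android library (`net.sqlcipher.database.SQLiteDatabase`) is on the classpath, runs inside an Android `Context`, and uses a constructed placeholder salt and placeholder key string; the class and method names are the example's own.

```java
// Added example (not from the book): contrasts a hard-coded SQLCipher passphrase
// with one derived at runtime from a device attribute, as the chapter describes.
// Assumes the SQLCipher for Android library (net.sqlcipher) is on the classpath
// and that this code runs with an Android Context available.
import android.content.Context;
import android.provider.Settings;
import net.sqlcipher.database.SQLiteDatabase;

import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import java.io.File;

public class KeyedDatabase {

    // Vulnerable pattern: the passphrase is a string literal, so it appears
    // verbatim in the decompiled APK (level 1 or 2 on the chapter's scale).
    private static final String HARD_CODED_KEY = "placeholder-passphrase"; // placeholder value

    public static SQLiteDatabase openWithHardCodedKey(Context ctx) {
        SQLiteDatabase.loadLibs(ctx);
        File dbFile = ctx.getDatabasePath("app.db");
        return SQLiteDatabase.openOrCreateDatabase(dbFile, HARD_CODED_KEY, null);
    }

    // Device-specific pattern: stretch ANDROID_ID plus an app salt with PBKDF2
    // so no usable passphrase exists as a literal in the binary.
    // Caveat: the salt and the derivation logic are still visible to a
    // decompiler, and ANDROID_ID was a device-wide value readable by any app
    // before Android 8, so this raises the bar rather than removing the problem.
    private static final byte[] APP_SALT = "constructed-example-salt".getBytes(); // constructed placeholder

    // Returns the derived key as hex text, which SQLCipher accepts as a passphrase.
    public static String deriveDeviceKey(Context ctx) throws Exception {
        String androidId = Settings.Secure.getString(
                ctx.getContentResolver(), Settings.Secure.ANDROID_ID);
        PBEKeySpec spec = new PBEKeySpec(androidId.toCharArray(), APP_SALT, 10000, 256);
        byte[] keyBytes = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1")
                .generateSecret(spec).getEncoded();
        spec.clearPassword();
        StringBuilder hex = new StringBuilder();
        for (byte b : keyBytes) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    public static SQLiteDatabase openWithDeviceKey(Context ctx) throws Exception {
        SQLiteDatabase.loadLibs(ctx);
        File dbFile = ctx.getDatabasePath("app.db");
        return SQLiteDatabase.openOrCreateDatabase(dbFile, deriveDeviceKey(ctx), null);
    }
}
```

The second form keeps the literal passphrase out of the binary, but a reviewer reading the decompiled class can still reproduce the derivation on a given device; the example is only as strong as the attribute it is seeded from, which is the caveat the chapter's difficulty scale is pointing at.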
