Web Services
The safest option for any type of device is to store the key, or the algorithm for generating your key, remotely and to access it via secure web services. This has already been covered in previous chapters. The disadvantage to this is that the Android device will need to be connected to the Internet when you open the database, which might not be acceptable to the end user.
But the message should be clear by now that any keys stored on the phone are open to being hacked in ways similar to what we’ve shown in this section. We’ll go into more detail in the next chapter about what to do to protect your web server and your web server traffic from prying eyes.
Get Bulletproof Android™: Practical Advice for Building Secure Apps now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
