Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Is it bad practice to store keys in .properties file

Tags:

android

security

So i've just integrated with UrbanAirship for Android.

Their sample code uses a .properties file to store API keys and secrets. I found this quite alarming as these files are easily accessible after expanding an APK.

I'm not looking to start a debate about storing sensitive data in your app. I just want to know if it is unacceptable to store keys like this.

If so then which is a more secure but straight forward approach? I am currently storing my own API keys as static variables in a globals file.

like image 202
jim Avatar asked Dec 29 '25 14:12

jim

1 Answers

Since APK contents are not encrypted, the string is just as easily extracted from a .properties file than from a compiled class. You can make it a little harder to extract by storing it encrypted inside your Globals class, but don’t expect anything you ship to users to remain a secret.

like image 117
moeffju Avatar answered Dec 31 '25 06:12

moeffju
Sign in to Comment

Related questions

Using shared preferences vs. bundle in Android
How to check if a home screen short-cut exists or not?
Jar mismatch! Fix your dependencies when using appcompat_v7 and Facebook sdk.
Android 4.4 Kit Kat list selector color
ScrollView does not work in fullscreen mode
How to start on fragment 2 instead of fragment 1 in a view pager
ContentProvider - Do i need an entry in the manifest file?
jquery mobile function running before the device ready
How to get Facebook Friends list in android application
AutoLink link square brackets of URL in TextView
Unable to dismiss progress dialog
AutoCompleteTextView detect if user choosed suggestion
Is it possible to prevent user from uninstalling application in Android?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!