Storing API keys in Android, is obfustication enough?

Posted by fredley on Stack Overflow See other posts from Stack Overflow or by fredley
Published on 2011-01-12T17:27:04Z Indexed on 2011/01/12 17:54 UTC
Read the original article Hit count: 176

Filed under:

android

|

keys

|

dropbox-api

I'm using the Dropbox API. In the sample app, it includes these lines:

// Replace this with your consumer key and secret assigned by Dropbox.
// Note that this is a really insecure way to do this, and you shouldn't
// ship code which contains your key & secret in such an obvious way.
// Obfuscation is good.
final static private String CONSUMER_KEY = "PUT_YOUR_CONSUMER_KEY_HERE";
final static private String CONSUMER_SECRET = "PUT_YOUR_CONSUMER_SECRET_HERE";

I'm well aware of the mantra 'Secrecy is not Security', and obfuscation really only slightly increases the amount of effort required to extract the keys. I disagree with their statement 'Obfustication is good'. What should I do to protect the keys then? Is obfustication good enough, or should I consider something more elaborate?

© Stack Overflow or respective owner

Related posts about android

Please verify my layout: bottom button keeps coming up over keyboard

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi everyone, I have a layout which does almost what I want. There's just one bug regarding the button at the bottom. I should stay at the bottom at all times. But whenever I bring up the soft-keyboard the button will be displayed above the keyboard. This is not what I want but it should become covered… >>> More
Android programming. Application stopped unexpectedly.

as seen on Stack Overflow - Search for 'Stack Overflow'
I've just created a prototype of interface for my android app and tried to run it. Unfortunately I get an error that my app has stopped unexpectedly (my reputation doesn't allow me to post images so follow my links): screenshot of error message This is layout mode of editing. Everything looks as… >>> More
Listview Row Overlap Problem

as seen on Stack Overflow - Search for 'Stack Overflow'
I just updated my app and I am getting some odd complaints from people who update it. I am only getting complaints from people with non-stock android phones (phones that manufacturers have modified...HTC phones, cliq, pulse, etc), other phones like the Droid, Nexus work fine. My app (Photo Frame Deluxe)… >>> More
Why are some of my view not aligned correctly at the bottom of my relative layout?

as seen on Stack Overflow - Search for 'Stack Overflow'
I have problems getting some of my views aligned in a relative layout that I use inside a row of my listview. Here is a screenshot from the layout builder in Eclipse, this is what I think it should look like: The next image is from the emulator. Now the TestTestTest View is at the top and covers… >>> More
Android RatingBar weirdness: Whenever I add a RatingBar to my layout, a bunch of the generated tags,

as seen on Stack Overflow - Search for 'Stack Overflow'
Whenever I use a RatingBar view in my layout, I suddenly get all kinds of compile errors. I'm using Android 2.0, but I've also tried 2.0.1, and 2.1, without joy. I also get a message: Shader 'android.graphics.BitmapShader' is not supported in Layout Editor, and an odd warning which may or maynot be… >>> More

Related posts about keys

F3-F5 keys incorrectly behaving as audio keys

as seen on Super User - Search for 'Super User'
I don't know if this is a configuration issue or a hardware issue, but I have a Kinesis Advantage USB keyboard and for some reason the F3-F5 keys aren't responding as they used to. They don't respond to anything and, when I tried using F5 on Emacs, it said <XF86AudioNext> is undefined, so I… >>> More
Rejuvenated: Script Creates and Drops for Candidate Keys and Referencing Foreign Keys

as seen on SQL Blog - Search for 'SQL Blog'
Once upon a time it was 2004, and I wrote what I have to say was a pretty cool little script . (Yes, I know the post is dated 2006, but that's because I dropped the ball and failed to back-date the posts when I moved them over here from my prior blog space.) The impetus for creating this script was… >>> More
Fix Firefox Not Scrolling with Up/Down Arrow Keys or Home/End Keys

as seen on How to geek - Search for 'How to geek'
If you’ve encountered a problem where your Firefox installation no longer scrolls when you use the up or down arrow keys, and even the Home or End keys don’t work anymore, there’s an easy fix. When this problem happens, you’ll notice that moving the arrow keys around just… >>> More
Entity Framework and multi-tenancy database design

as seen on Stack Overflow - Search for 'Stack Overflow'
I am looking at multi-tenancy database schema design for an SaaS concept. It will be ASP.NET MVC - EF, but that isn't so important. Below you can see an example database schema (the Tenant being the Company). The CompanyId is replicated throughout the schema and the primary key has been placed on… >>> More
Update multiple rows with known keys without inserting new rows if nonexistent keys are found

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, Let's imagine that we have table items... table: items item_id INT PRIMARY AUTO_INCREMENT title VARCHAR(255) views INT Let's imagine that it is filled with something like (1, item-1, 10), (2, item-2, 10), (3, item-3, 15) I want to make multi update view for this items from data taken… >>> More