Android Question Disable or encrypt httpjob cache

[somed3v3loper]

Hello all ,

I am getting some (string) data from server at runtime but I need it to be only available in memory I don't want it to be stored in any directory or at least it should be stored encrypted .


regards

 

[Brandsum]

Send encrypted data from server and decrypt it after job success

 

[somed3v3loper]

Send encrypted data from server and decrypt it after job success

Thanks so you mean that we can't disable the cache ?

 

[Brandsum]

You can unzip the httputils b4xlib and see that the data coming from server is first getting stored in the cache folder and then when you call getstring or getbitmap etc the lib sends you the data stored in that cache file.

 

[Brandsum]

Thanks so you mean that we can't disable the cache ?

you can modify that bas file inside b4xlib and use random access file lib to encrypt the cache file.

 

[KMatle]

See my examples. AES is perfect for that.

 

[Semen Matusovskiy]

To encrypt the cache is too late. There are such products as Charlie, a traffic is completely visible due to a proxy-server.
Bradsum's "Send encrypted data from server and decrypt it after job success" is much better. But it's necessary to crypt own Java code also.

 

[somed3v3loper]

But it's necessary to crypt own Java code also.

Can you please send me to the right direction of encrypting own java code ?
Do we have it in B4A ?
Thanks

 

[Semen Matusovskiy]

To decompile any Android (Java) program is very simple.

B4A offers to compile in obfuscated mode. This can discourage to "import" the pieces of code, but is not able to crypt a communication.
For example, a hacker can find httpJob object and where you read data, something like
_stringresponse = _httpjobinstance._vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv4 /*String*/ ().trim();
Then he will search, what you do with _stringresponse.

IMO, it's not possible to keep secrets in Android. But typically it's not needed. Depends, what exactly do you want to prevent

 

[Erel]

HttpJob does save the server response in a temporary file. The file is deleted when you call Job.Release.

You can modify HttpUtils2Service or use HttpClient directly and change it to store the response in a memory output stream (OutputStream.InitializeToBytesArray).