Android Question Possible to hide parts of code?

ema01

Member
Licensed User
Longtime User
I am developing an application which is not meant to be published but to be installed on a handful of devices.
In any case the phone communicates with a piece of hardware over BLE and in order to perfrom certain operations, such as changing the calibration data the operation has to be authorized.
This happens by requesting a seed from the hardware, then give back the calculated authorization key.

My question is, what are my opyions to protect the algorythm to calculate the key? Or at least to not make it super simple to figure out by looking at the APK? I'd prefer for everything to stay inside the device.
The idea is that only very few people like two or three should have this app installed, but of course nothing stops someone else to get a hold of their phones and then extract the apk

Bonus, same for iOS
 

Alan Doucet

Member
Licensed User
Hello ema01,

I do not believe that is possible. I wanted to try to do a similar thing, hide a pw for a db, but have seen responses saying it was not possible. Wish I had better news.
 
Upvote 0

Star-Dust

Expert
Licensed User
Longtime User
F5Steg

 
Upvote 0

Jeffrey Cameron

Well-Known Member
Licensed User
Longtime User
The only 100% effective way would be to have a remote sever that stored authorized device IDs which the phone could query. That way, only your server can be used to authenticate the device.

Anything you do on the phone itself could potentially be decompiled/reverse engineered if someone is determined enough. Releasing obfuscated and not storing your keys as plain-text in the code will deter the vast majority of copying.
 
Upvote 0

Sandman

Expert
Licensed User
Longtime User
I think we can use encryption and sqlcipher libraries to store the key.
The harder we make it, the fewer people will be able to figure out how the app works. But there will always be a number of people higher than zero that will be able to figure things out, regardless of what we do.
 
Upvote 0

Jeffrey Cameron

Well-Known Member
Licensed User
Longtime User
will be able to figure things out
“What one man can invent, another can discover.” - Sherlock Holmes
Where to call it "good enough" I've always found varies greatly by the project requirements and how much is at stake if it compromised. Only you can answer that question for your specific case.
 
Upvote 0
Cookies are required to use this site. You must accept them to continue using the site. Learn more…