I am developing an application which is not meant to be published but to be installed on a handful of devices.
In any case the phone communicates with a piece of hardware over BLE and in order to perfrom certain operations, such as changing the calibration data the operation has to be authorized.
This happens by requesting a seed from the hardware, then give back the calculated authorization key.
My question is, what are my opyions to protect the algorythm to calculate the key? Or at least to not make it super simple to figure out by looking at the APK? I'd prefer for everything to stay inside the device.
The idea is that only very few people like two or three should have this app installed, but of course nothing stops someone else to get a hold of their phones and then extract the apk
Bonus, same for iOS