Android Question App security, Encryption?

mrawi

Member
Licensed User
Hi

I've made an app that searches values from an Excel sheet. It is a private app and the information it searches is confidential. My question is how do I secure the app in case it falls into the wrong hands? I already have a username and password layout to access it, but what about the core build of the app which contains the information from the sheet?

Please forgive me if what I'm asking is unclear. I'm new to the whole thing. I just want to make sure of security. Thanks.
 

lemonisdead

Well-Known Member
Licensed User
Longtime User
Hello,
First of all you should use the obfuscation provided by B4A (Release obfuscated). It is a first step.
 

wonder

Expert
Licensed User
Longtime User
1) Is the Excel sheet itself protected?
2) Are you storing the correct username/password combo in plaintext?
3) Is your algorithm sensitive or just the information it handles?
4) Are you storing the post-processed information in a file?

==============================================

1) The information source itself MUST be protected, there are a few ways to do it. If needed we can point you in the right direction.

2) Storing login information in plaintext is a huge mistake, you MUST hash the user/pass combo, preferably "salted". Again, there are many tutorials on this subject around the web.

3) If your algorithms are sensitive enough themselves to be secured, these parts of your code should be separately compiled as a native (.so) library.

4) Your post-processed sensitive data should only be stored if absolutely required. A good practice would be clearing all the variables and data structures once they have done their job. The memory should be cleared as well in Activity_Pause, so that it would, at least in theory, make it impossible for any memory scanners to sniff your data.
 
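Point 2 of the reply above, as an added example that is not part of the original posts: a salted PBKDF2-HMAC-SHA256 record is stored in place of the username/password pair and checked at login. It is written in Python as a language-neutral sketch rather than B4A; the record format, iteration count and sample credentials are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000      # assumed work factor; tune for the target device
MAX_ITERATIONS = 10_000_000
SALT_BYTES = 16


def _derive(username: str, password: str, salt: bytes, iterations: int) -> bytes:
    # Length-prefix the username so ("ab", "c") and ("a", "bc") hash differently.
    material = f"{len(username)}:{username}:{password}".encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", material, salt, iterations)


def make_record(username: str, password: str) -> str:
    """Return the string to store instead of the plaintext user/pass combo."""
    salt = os.urandom(SALT_BYTES)  # fresh random salt for every record
    digest = _derive(username, password, salt, ITERATIONS)
    return f"pbkdf2-sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(record: str, username: str, password: str) -> bool:
    """Check a login attempt against a stored record; malformed records fail."""
    try:
        scheme, iter_text, salt_hex, digest_hex = record.split("$")
        iterations = int(iter_text)
        if scheme != "pbkdf2-sha256" or not 1 <= iterations <= MAX_ITERATIONS:
            return False
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
    except ValueError:
        return False
    candidate = _derive(username, password, salt, iterations)
    # Constant-time comparison, so timing does not leak how many bytes matched.
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample credentials, for illustration only.
    stored = make_record("alice", "correct horse battery staple")
    print(stored)
    print(verify(stored, "alice", "correct horse battery staple"))
    print(verify(stored, "alice", "wrong password"))
```

The stored record gates the login check only; it does not protect the sheet data itself, which is point 1 of the reply.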

mrawi

Member
Licensed User
Thank you for the answers. I will do an obfuscated release. The Excel sheet itself is loaded onto a panel and I hide the panel. So what more do you think I can do?

The algorithm isn't sensitive, it's only the table that is loaded onto the panel that contains the sensitive information.
 