Android Question Disable or encrypt httpjob cache

somed3v3loper

Well-Known Member
Licensed User
Hello all ,

I am getting some (string) data from server at runtime but I need it to be only available in memory I don't want it to be stored in any directory or at least it should be stored encrypted .


regards
 

Brandsum

Well-Known Member
Licensed User
You can unzip the httputils b4xlib and see that the data coming from server is first getting stored in the cache folder and then when you call getstring or getbitmap etc the lib sends you the data stored in that cache file.
 

Semen Matusovskiy

Well-Known Member
Licensed User
To encrypt the cache is too late. There are such products as Charlie, a traffic is completely visible due to a proxy-server.
Bradsum's "Send encrypted data from server and decrypt it after job success" is much better. But it's necessary to crypt own Java code also.
 

Semen Matusovskiy

Well-Known Member
Licensed User
To decompile any Android (Java) program is very simple.

B4A offers to compile in obfuscated mode. This can discourage to "import" the pieces of code, but is not able to crypt a communication.
For example, a hacker can find httpJob object and where you read data, something like
_stringresponse = _httpjobinstance._vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv4 /*String*/ ().trim();
Then he will search, what you do with _stringresponse.

IMO, it's not possible to keep secrets in Android. But typically it's not needed. Depends, what exactly do you want to prevent
 
Top