As we all know Android app apk file can be drilled down to get the Java codes and resources. The sensitive data used to populate lets say list view used as arrays in Java files can be easily hacked.
What are the secure ways to do it?
I guess downloading XML or JSON file from the internet and using in app? Or there any other techniques?
Thanks in advance.
Related
I make a android application themed puzzles,
and the answers I put in the xml file,
in folder assets/file.xml, I add also proguard.
after I publish it on google play,
The application turns in reverse engineering by someone,
so that all the answers are there in the xml file unreadable
and distributed on the Internet.
I plan to move this xml file online
eg I put in www.example.com/folder/file.xml to make it more secure.
My question, how to read / access the online xml file?
thanks.
One method i hvae used is use of webservice to make requests and get xml response. I have achieved this using Soap webservice, i make soap request from my app, and get xml response from server then i can parse the results. This means that you will be storing your answers dynamically in your database, so no one can tamper with them unless they hack database. It is also advisable to use dynamic puzzle question, i.e, store the puzzle questions in an online database so that you can update them without having to go back and update code in the app.
I am doing some investigation into developing a iOS App, Android App as well as a bootstrap website. This is really at the early stages of the project and I have been out of software development for a number of years so I am a little rusty, so please forgive me for my questions.
To connect to an external database and/or external C# code from an App, I presume you need to use a webservice? Is this the only way to do this?
What format is required? JSON?
From a bootstrap website, how would I go about doing the same thing? Via a AJAX call to a webservice?
Do most Apps use the internal storage/database for storing data? (I know that's a very general question, I am just trying to get a feel for things)
Thanks for your help.
You will need a web service. Theoretically you can connect to the databases directly with android and iOS, but that's less secure, and making changes is difficult. For example, if you ever want to rename a column in your database, you would break your existing apps. However, if you use a webservice, you can update the webservice to report the column under it's old name.
You can use whatever format you want, but I would strongly recommend JSON. There are lots of powerful, fast parsers out there to handle serializing and deserializing JSON strings out there, and some networking clients that will even handle the translation automatically for you.
You would indeed use an AJAX call.
Yes, that is very general, but most apps will. It really varies what kind of data you need to persist. If you're just looking to cache a feed until the next launch you may use a simple file storage (in iOS you can use a NSKeyedArchiver to quickly build objects into a file format and NSKeyedUnarchiver to build objects from a file), or if you need more complex data relationships you would use a SQLite database on the device. On iOS you should use Core Data to manage the SQLite store for you.
You are correct. To get data from an external database you will need to make a webservice call To a script that returns the data you wish to use.
You can get the data back in JSON or XML format. I prefer JSON as I think it is easier and simpler.
AJAX would be a good way to make calls for your data.
Its a good idea to make a mix of both. You can use and webserver to store all your data but if the user is in an area that they can't use data then it would render your app useless. Normally I keep all the data I need on a server then download and store it in the apps DB for that user. You can then make a request to the server at intervals to see if there is any new data to be downloaded. I would suggest doing a similar thing for the bootstrap site.
I've been messing around with Android, after having read Android Application Development for Dummies, and nothing else (just to illustrate how little I know) I'm trying to create my first useful, but very simple app.
The app should do the following:
prompt me for a password
read a string (persisted somewhere in the memory)
use my password as a key to decrypt the string
parse the string as xml and display the data to me
other than being a coding exercise, this would serve me as a sneaky way of storing sensitive data that's too copious to remember.
I don't want the app to handle input of this data, I want it to come pre-filled with it. (never mind reusability right now) I don't want to hardcode the string in the code though.
I've decided to store the string in a file in the app's internal storage (if this is a bad idea, feel free to suggest something else). I've found plenty of examples on how to work with these files. But they all deal with creating the file at runtime. What I'd like to do is create the file as part of my Eclipse project, and then have it available to the app at runtime.
Is it possible to do this?
What I'd like to do is create the file as part of my Eclipse project,
and then have it available to the app at runtime. Is it possible to do
this?
Yes it's possible, you can create your file in the assets or res/raw directory, then fill its content when the app is running.
However, I'm not sure if this is the best place if you have sensitive information to store in.
I am porting an application originally written for WP7 and just need to know how to do something under Mono for Android which I could do on WP7 using IsolatedStorage.
For simple key/value data such as the username and password used to login I am using SharedPreferences and I think that this will work fine, however I read an XML file from a web service and need to be able to store this file locally, be able to update its contents and ultimately upload it back to the web server.
Under WP7 the code would serialize the XML and then save this to application settings - I guess I can do something very similar in Android but the question is this the best way to store an XML data file?
Thanks
You can do almost the same thing as you would on the WP, as the same .net libraries for xml and serialization should be available on Mono for Android.
You can then also save it to isolated storage or wherever you like.
You can use one of the common java libraries to work with XML, such as JDOM or SAX. You can then write this to android storage as per Maxim's comment link above.
You can write the XML as a string to a file in the Internal Storage or the SD Card. Check the Developer Documentation for more information: http://developer.android.com/guide/topics/data/data-storage.html
I would like to build some simple application - for example Todo list - and I am thinking about the problem and its solving - how can I to store data in my own application on Android platform?
I should to use some text file, xml file or some database? What will be better for beginner on this field?
You'll have a VERY hard time getting anywhere with Android if you don't read through their website/dev resources. I would highly recommend visiting their site.
As far as data storage is concerned, that varies based on your need. Explained here
My suggestion is to use SQLite that comes with Android. http://developer.android.com/reference/android/database/sqlite/SQLiteDatabase.html
In my opinion, a SQLite database seems most appropriate for this kind of application. There is lots of support for using the SQLite database in conjuction with ListViews (which I imagine you'd want to use in your to-do list app).
In case you haven't already checked it out, see the page on the developer site:
http://developer.android.com/guide/topics/data/data-storage.html#db
Theres a few ways you can store data. I've created a few applications thats store data using shared preferences
They're quite handy for storing strings, ints, bool values etc. However if you have a large scaled application, that requires better database management, I would look into sqlLite.
Android has supported classes and functions to help access/store the information.
Theres a good tutorial on the android site called notepad that takes you through how to use sqlite.
That should get you started :)
Look at this Thread klick
Edit: its cool for less data, if you want to store and browse lots of data, you should use as SQLite Database
Using a file, database or xml based depends entirely on what kind of application you are building. For eg: If you parse an XML feed and store the results back in an XML file - it totally defeats the storage purpose!
Databases are used to store structured and related content like - news feed results, email client data, etc.
Files are more used for storing raw / binary content like storing images, attachments, etc.
BTW, if you are a beginner - you should try all of them! :)
Hope this helps!