[Solved] How to hide hardcoded sensitive info in the app from getting extracted? [closed]


Now is there a way i can make that java class hidden when the app is decompiled?

No.

At best, using commercial tools like DexGuard, you can make it a bit more difficult for attackers to get the strings, but it is not that difficult for somebody to defeat those tools.

because when a user contacts me, the app sends sensitive data embedded in the email

Do not send sensitive data via email. Send it to your Web service over an SSL connection, using certificate pinning to help block man-in-the-middle (MITM) attacks.

will either result in me having to show the user this sensitive data

It is the user’s data, so it is perfectly reasonable for the user to see that data. After all, it is the user’s device, the user’s battery, the user’s bandwidth, and the user’s time. Your app is only a small piece of the puzzle, at best.

so the only way a user can contact, is the one described above

No, it is not.

now how can i hide the java class file from being seen by people who decompiles the app?

You can’t.

2

solved How to hide hardcoded sensitive info in the app from getting extracted? [closed]