android - AppSecret 怎么加密保存在本地?
阿神
阿神 2017-04-17 16:15:48
0
3
673
  1. 以微信微博oAuth认证为例,看官方提供的获取AccessToken并不需要AppSecret传入,但是使用Umeng时需要传入,为什么?

  2. AppSecret怎么安全保存在本地?

谢谢

阿神
阿神

闭关修行中......

reply all(3)
小葫芦

Unless your program does not have a server and is a pure client (such as a third-party Weibo client), please put the exchange AccessToken的任务交给你的服务器,并把AppSecret on the server. Saving locally in the App is not absolutely safe.

黄舟

The OAuth process is different from that of umeng. This is entirely a process design issue, there is no reason why.

There is no absolute security if you save it locally, this is theoretical. This may increase the cost of cracking. Generally speaking, code written in NDK is more difficult to crack than code written in Android's Java code.
If you write the encrypted secret in NDK. Then write the encryption key in another place in the code. Decrypt it before use. It is more difficult to decompile and crack the code.

黄舟

@ThinkingQuest If the Secret is not saved locally, is there any other way to handle the access to the Secret?

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template