Unless your program does not have a server and is a pure client (such as a third-party Weibo client), please put the exchange AccessToken的任务交给你的服务器,并把AppSecret on the server. Saving locally in the App is not absolutely safe.
The OAuth process is different from that of umeng. This is entirely a process design issue, there is no reason why.
There is no absolute security if you save it locally, this is theoretical. This may increase the cost of cracking. Generally speaking, code written in NDK is more difficult to crack than code written in Android's Java code. If you write the encrypted secret in NDK. Then write the encryption key in another place in the code. Decrypt it before use. It is more difficult to decompile and crack the code.
Unless your program does not have a server and is a pure client (such as a third-party Weibo client), please put the exchange
AccessToken
的任务交给你的服务器,并把AppSecret
on the server. Saving locally in the App is not absolutely safe.The OAuth process is different from that of umeng. This is entirely a process design issue, there is no reason why.
There is no absolute security if you save it locally, this is theoretical. This may increase the cost of cracking. Generally speaking, code written in NDK is more difficult to crack than code written in Android's Java code.
If you write the encrypted secret in NDK. Then write the encryption key in another place in the code. Decrypt it before use. It is more difficult to decompile and crack the code.
@ThinkingQuest If the Secret is not saved locally, is there any other way to handle the access to the Secret?