KUNGFU TECH vietnam

Câu hỏi phỏng vấn Android
Câu hỏi

What are best practices for storing and pr...

Câu trả lời

Here are some best practices for securely storing and protecting private API keys in Android applications:

  1. Use the Android Keystore system to store cryptographic keys in a secure container that makes them difficult to extract from the device[1][4]. The keystore system prevents key material from entering the app process and can bind keys to the device's secure hardware like the Trusted Execution Environment (TEE) or Secure Element (SE)[4].

  2. Generate a public/private RSA key pair using the Android Keystore API. Store the private key securely in the keystore and use it to encrypt an AES symmetric key. The AES key is then used to encrypt the API keys before storing them[1]. When the app needs the API keys, it retrieves the encrypted AES key from storage, has the keystore decrypt it with the private RSA key, and then uses the AES key to decrypt the API keys.

  3. Never store API keys directly in source code, shared preferences, or other insecure locations. Obfuscation and encryption are not sufficient protection[2].

  4. Consider storing API keys on your own secure server instead of in the app. Have the app send requests needing the keys through your server, so the keys never leave the server[2]. This adds l...

senior

senior

Câu hỏi trướcWhat is the difference between getContext() , getA...
Câu hỏi tiếp theoCan you manually call ...

Gợi ý câu hỏi phỏng vấn

senior

What is the difference between Android Timer and a Handler to do action every N seconds?

senior

Discuss Singletons vs. Application Context for app-global state

junior

What is an Intent in Android?

Bình luận

Chưa có bình luận nào

Chưa có bình luận nào