Jay Massena edited this page Jan 30, 2014 · 4 revisions

Network data

  • All data transmitted across the network to our service is encrypted via HTTPS.

Data persisted to the device

  • The user entity, including the password, is saved in shared preferences, which are stored on the device. The user's password is encrypted.
  • User images are cached on the device as files using encrypted names.

Service secrets

  • Access keys for AWS, Bing and other services are never stored on the device.

Android apk file

  • The apk file is easy to open using any jar/zip tool.
  • Fully accessible: everything in the res tree, including images, custom fonts and anything in the raw dir. XML files are compressed as binary unless they are in the raw dir.
  • The manifest is there but binary compressed.
  • All properties files are completely visible.
  • There are easy-to-get tools that will turn dex into source code.
  • We can obfuscate the apk, which will slow down but not stop a determined hacker/pirate.
  • Obfuscation makes debugging and logs much harder to work with.
  • Link to a discussion about breaking obfuscated Android apps: http://www.linkedin.com/groups/How-DEobfuscate-Android-apk-get-86481.S.157274062
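
A build-time check for two of the points above (properties files are completely visible; service access keys are never stored on the device), added here as an example and not part of the original page or the project's code. It opens the apk as a zip, lists the entries that are readable as plain text, and flags secret-looking keys in .properties files. The key-name pattern, function names and sample apk contents are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Assumed key-name pattern; adjust to the names your own config uses.
SECRET_NAME = re.compile(r"secret|access[_.-]?key|api[_.-]?key|password|token", re.I)
PROP_LINE = re.compile(r"([^=:\s]+)\s*[=:]?\s*(.*)")  # key, optional separator, value


def audit_apk(apk):
    """Audit an apk (path or file-like object), which is an ordinary zip.

    Returns (readable, findings): entries readable as plain text after
    unzipping (.properties files and files under res/raw/), and
    (entry, key) pairs where a .properties key looks like a secret.
    """
    readable, findings = [], []
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            is_props = name.endswith(".properties")
            if name.endswith("/") or not (is_props or name.startswith("res/raw/")):
                continue  # directory entry, or binary content (dex, compiled XML)
            readable.append(name)
            if not is_props:
                continue
            text = zf.read(name).decode("utf-8", errors="replace")
            for line in text.splitlines():
                line = line.strip()
                m = PROP_LINE.match(line)
                if m is None or line.startswith(("#", "!")):
                    continue  # blank, malformed, or comment line
                key, value = m.groups()
                if value and SECRET_NAME.search(key):
                    findings.append((name, key))
    return readable, findings


def build_sample_apk():
    """Constructed sample: a tiny zip laid out like an apk, for the demo only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"\x03\x00\x08\x00")  # binary XML stub
        zf.writestr("classes.dex", b"dex\n035\x00")
        zf.writestr("res/raw/help.txt", "Welcome")
        zf.writestr("service.properties",
                    "# constructed\nendpoint=https://example.invalid/api\n"
                    "aws.access.key = PLACEHOLDER_VALUE\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    print(audit_apk(build_sample_apk()))
```

Run it against the release apk in the build and fail the build when the findings list is not empty.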