Question

I have signed up for the Android Backup Service, and have been given a key to put in my AndroidManifest.xml. My application is open source, but I do not want to have the key publicly visible in my repository. How should I encrypt the key so that is decryptable only in my application?

Was it helpful?

Solution

My application is open source, but I do not want to have the key publicly visible in my repository.

Put the key in a string resource, in a separate resource file (e.g., res/values/omg_do_not_commit_this_to_the_repo.xml). Then, do not commit that file to the repo (e.g., if you are using Git, add the file to .gitignore).

OTHER TIPS

AndroidManifest.xml does not support any form of encryption for your keys. You should simply not check it into the public repository to prevent it from being shared

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top