How to not hardcode my password (Android)?

Question

in my App i send bugreports via email. I heard that the to hardcode my password here is not secure so how do i protect it?

Is it enough to write into my /res/values and then read it from there?

The reason for this is that i won't use the internal email app. then the user exits my app and thats not very good because he may won't come back

GMailSender sender = new GMailSender("my_emailadress@gmail.com", "my_password");
sender.sendMail("Bugreport", 
                currentQuestion.getID(),   
                "my_emailadress@gmail.com",   
                "my_emailadress@gmail.com"); 

Please help me. Thanks

Answer 1

You can use SHA encryption to encrypt your password:

Below is the code to use SHA encryption:

import java.io.UnsupportedEncodingException; 
import java.security.MessageDigest; 
import java.security.NoSuchAlgorithmException; 

public class AeSimpleSHA1 { 

    private static String convertToHex(byte[] data) { 
        StringBuffer buf = new StringBuffer();
        for (int i = 0; i < data.length; i++) { 
            int halfbyte = (data[i] >>> 4) & 0x0F;
            int two_halfs = 0;
            do { 
                if ((0 <= halfbyte) && (halfbyte <= 9)) 
                    buf.append((char) ('0' + halfbyte));
                else 
                    buf.append((char) ('a' + (halfbyte - 10)));
                halfbyte = data[i] & 0x0F;
            } while(two_halfs++ < 1);
        } 
        return buf.toString();
    } 

    public static String SHA1(String text) 
            throws NoSuchAlgorithmException, UnsupportedEncodingException  { 
        MessageDigest md;
        md = MessageDigest.getInstance("SHA-1");
        byte[] sha1hash = new byte[40];
        md.update(text.getBytes("iso-8859-1"), 0, text.length());
        sha1hash = md.digest();
        return convertToHex(sha1hash);
    } 
}

Answer 2

There is no really secure way to protect you password, if you put it in your app at all. The least thing to do, would be making a separat account, so it's not interlinked with your real account.

Apart from that, I would recommend not using this approach at all. Using the build in mail app isn't that bad. This way the user would know, he is contributing something to making your app better, which is a good thing.

A third possibility would be making a webpage for submitting bugs and sending a HTTP request in your app when a bug occurs. However, let the user know about it, because if not, he may think you're spying on him.

And then, there is the crash reporting mechanism of android which is built in, so you don't have to do anything at all.