Best practice for storing and protecting private API keys in applications [closed]
As it is, your compiled application contains the key strings, but also the constant names APP_KEY and APP_SECRET. Extracting keys from such self-documenting code is trivial, for instance with the standard Android tool dx. You can apply ProGuard. It will leave the key strings untouched, but it will remove the constant names. It will also … Read more