Hello, I followed Taifun's MySQL database tutorial in MIT App Inventor:
but the problem is that when the APK is decompiled using APK Editor or captured using tools like Net Capture, the SQLKEY and database URL are exposed in plain text. I tried obfuscating the text using the "Obfuscated Text" block, but this doesn't fully prevent it. Is there a way to hide these before publishing the APK?
Thanks for your help.
I used Net Capture and it showed the URL, and using the APK Editor tool it also showed the SQLKEY.
Store them off the app, then pull them in on first run, keeping in memory.
That's a good idea, though. But with most apps, if you use Net Capture or some tools, it disconnects from the server (I'm not trying to get another app's HTTPS requests lol).
Alternatively, use per-user authentication (user/pass); then you do not have to worry about your URL or key being exposed.
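The per-user authentication suggested above, shown from the server side (an added example, not code from this thread or from the tutorial): each user logs in with their own password and receives a short-lived token, so the APK carries no shared key. The class and method names, the in-memory stores and the row format are assumptions for illustration.

```python
import hashlib, hmac, secrets, time

PBKDF2_ROUNDS = 600_000  # assumption: tune to the server's CPU budget
SESSION_TTL = 3600       # seconds a login stays valid (assumption)

class AuthService:
    """Server-side login: the APK holds only the API URL, never a shared key."""
    def __init__(self):
        self._users = {}     # username -> (salt, password_hash)
        self._sessions = {}  # sha256(token) -> (username, expires_at)

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

    def register(self, username, password):
        if username in self._users:
            raise ValueError("user exists")
        salt = secrets.token_bytes(16)
        self._users[username] = (salt, self._hash(password, salt))

    def login(self, username, password):
        """Return a random session token, or None on bad credentials."""
        # Unknown users still cost one hash, so timing does not reveal them.
        salt, stored = self._users.get(username, (b"\0" * 16, b""))
        if not hmac.compare_digest(self._hash(password, salt), stored):
            return None
        token = secrets.token_urlsafe(32)
        key = hashlib.sha256(token.encode()).hexdigest()  # store a hash, not the token
        self._sessions[key] = (username, time.time() + SESSION_TTL)
        return token

    def whoami(self, token, now=None):
        """Map a token to its user; unknown or expired tokens give None."""
        key = hashlib.sha256((token or "").encode()).hexdigest()
        username, expires = self._sessions.get(key, (None, 0))
        now = time.time() if now is None else now
        if username is None or now >= expires:
            self._sessions.pop(key, None)
            return None
        return username

    def fetch_rows(self, token, table_rows):
        """Return only the caller's rows; the server, not the app, picks the filter."""
        user = self.whoami(token)
        if user is None:
            raise PermissionError("login required")
        return [r for r in table_rows if r["owner"] == user]
```

A token captured from one device exposes only that user's rows until it expires, and nothing recovered from the APK grants access on its own.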
I would like to see how you did that, or at least the method. I decompiled an APK (with apktool) that I built with an obfuscated text, and I could not find the original text anywhere in the decompiled files.
I used APK Editor Pro and clicked the smali button at the top of the screen, then searched for "https://" to see if it would show the URL, and it did show the URL. It also showed the SQLKEY after searching for "SQLKEY".
For both variables I used obfuscated text.
OK, I managed to fix the problem. For the APK decompiling I used your idea, and for the capture, well, I used a vpnchecker extension, so if it detects a VPN it will show a dialog forcing the user to close the app.
For something I was working on, I set up a Google Apps Script web app and used Script Properties to store/update/etc. sensitive data, this all password protected etc.