是的，这是一个pretty的普遍问题，但我想感受一下来处理一个应用程序，涉及基地瓦特/ Web服务器的敏感数据分配给应用程序的最佳途径。任何链接，一般信息咨询等。将AP preciated。

由于该应用将存储从数据库retreived持续性数据的一定量的时间..一切都变得有些敏感。

解决方案

在设备上存储敏感数据

这在很大程度上取决于你的听众。通常情况下，Android操作系统禁止访问彼此的文件的应用程序（如数据库，preference文件，存储在应用程序的私有目录普通文件），利用成熟的Linux文件权限。然而，根设备的应用程序能获得root访问权限，并宣读了一切。有几件事情要考虑：

如果你知道你的用户不会有根（例如，如果你不分发通过Android Market的应用程序，但只有在你的公司，或者类似的东西），你可以简单地依靠Android的基于文件系统的安全性。 如果用户确实获得root权限，他会很注意自己的应用程序，他给出了特权，以 如果一个应用程序确实获得root权限，它可以发泄很多浩劫。在您的应用程序中的信息可能是最少的了用户的后顾之忧。 生根导致零保修。包括应用程序。您可以不承担责任上有根电话泄露信息。

最后，如果你的信息是不是超级骗子敏感（例如信用卡信息），我建议只由机器人提供的默认安全贴（即保存所有内容以纯文本格式，知道其他应用程序不能访问它）。

否则，加密是要走的路。这不是100％安全（黑客可以反编译你的应用程序，并找出如何对数据进行解密），但它是一个重大的痛苦的骨头，将停止大部分黑客的攻击。特别是如果你喜欢的东西 ProGuard的模糊处理code。

传输敏感数据从服务器到设备

您这里有几个选项。首先，始终使用https。启用HTTPS后，这里有两个额外的保安措施，我建议：

使用API​​密钥系统。包括在所有请求该API密钥和发送任何响应返回之前检查它在服务器端。请记住，因为你正在使用HTTPS，攻击者不能只是使用网络嗅探器来找出你的API密钥。然而，这是pretty的容易弄清楚，如果有人反编译你的应用程序，这就是为什么你可以进一步混淆它（除了使用ProGuard的）。例如，你可以继续分解成碎片各地的code（例如静态成员在两个或三个班）的API密钥。然后，当你发送一个请求，你只是串联所有这些片段。你甚至可以使用一些其它种类的变换（如位移），使其更难从反编译code搞清楚。 您可以生成一个密钥，你发送一个请求每次。该密钥将通过使用一些逻辑只有自己知道，这样就可以实现它客户端和服务器端，以及产生。例如，一个请求可以包括以下参数： 时间= 1321802432＆放大器;关键= [生成键] 其中，生成密钥从时间参数生成。例如： MD5（时间+盐）。当服务器接收到这个请求时，它可以做两件事情： 检查键确实等于 MD5（时间+盐）（注意，只有在客户端和服务器知道该盐并可以类似地混淆到API键以上），和 检查时间是不是太靠后了过去（例如，如果它超过1-2分钟过去，考虑请求无效）。

第二种方法是比较有用，如果你也做普通的HTTP请求，每个人都可以看到正在发送的参数。此外，这是更难从反编译的code弄清楚。特别是如果你US $ p $垫在多个类别的关键计算逻辑。

然而，需要注意的是什么就不可能破解你的应用程序。你可以混淆，只要你想尽可能多的，如果一个黑客的真的确定让你的数据，他将能够因此通过反编译应用程序，并度过多少个不眠之夜通过您的code并找出如何请求形成。唯一的真正的保护数据的方式是通过要求用户输入密码，除了做所有我写上面的工作。你不能得到一个密码，只存在于一个人的（用户）磁头从反编译code：）

Yes this is a pretty general question but I'm trying to get a feel for the best way to handle an app that touches base w/ a webserver that distributes sensitive data to the app. Any links, general information advice etc.. would be appreciated.

Since the app would store persistant data retreived from the database for a certain amount of time.. everything becomes somewhat touchy.

解决方案

Storing sensitive data on the device

That depends very much on your audience. Normally, the Android OS prohibits apps from accessing each other's files (i.e. databases, preference files, regular files stored in the app's private directory) through proven Linux file permissions. However, on rooted devices an application can obtain root access and read everything. A few things to think about:

If you know your users won't have root (e.g. if you are not distributing the app through Android Market, but only in your company, or something like that), you can simply rely on Android's filesystem-based security. If a user does get root access, he will be very careful what application he gives that priviledge to If an app does get root access, it can wreak a lot of havoc. The information in your app could be the least of the user's worries. Rooting leads to zero warranty. Including in apps. You can't be held responsible for leaking information on a rooted phone.

To conclude, if your information is not super-duper sensitive (e.g. credit card information), I'd suggest just sticking with the default security provided by Android (i.e. save everything in plain text, knowing other apps can't access it).

Otherwise, encryption is the way to go. It's not 100% secure (a hacker could de-compile your app and figure out how to decrypt the data), but it's a major pain to crack and will stop most hackers. Especially if you obfuscate your code with something like ProGuard.

Transferring sensitive data from the server to the device

You have a few options here. First of all, always use HTTPS. After enabling HTTPS, here are two extra security measures I would propose:

Use an API key system. Include this API key in all your requests and check it on the server side before sending any response back. Remember that since you're using HTTPS, an attacker would not be able to just use a network sniffer to find out your API key. However, this is pretty easy to figure out if someone decompiles your app, which is why you can obfuscate it even further (besides using ProGuard). For example, you can keep the API key broken up into pieces all around your code (for example as static members in two or three classes). Then, when you send a request, you just concatenate all those pieces. You can even apply some other sort of transformation (e.g. bit shifting) to make it even harder to figure out from the decompiled code. You can generate a key every time you send a request. That key would be generated by using a bit of logic that only you know, so that you can implement it client- and server-side as well. For example, a request could include the following parameters: time=1321802432&key=[generated-key] where generated-key is generated from the time parameter. For example: md5(time + salt). When the server receives this request, it can do two things:

Check that key is indeed equal to md5(time + salt) (note that only the client and the server know the salt and it can be obfuscated similarly to the API key above), and Check that time is not too far back in the past (e.g. if it's more than 1-2 minutes in the past, consider the request invalid).

The second method is more useful if you are also doing plain HTTP requests, where everyone can see the parameters being sent. Also, it's much harder to figure out from decompiled code. Especially if you spread the key calculation logic across multiple classes.

However, note that nothing makes it impossible to crack your app. You can obfuscate as much as you want, if a hacker is really determined to get to your data, he will be able to so by decompiling your application and spending many sleepless nights passing through your code and figuring out how the requests are formed. The only real way of securing your data is by asking your user for a password, besides doing all the work I wrote about above. You can't get a password that only exists in someone's (the user) head from decompiled code :).