I make an application for android on JavaScript. The application is bilju using cordova, but the problem is that I use the api of one service and its key is written directly in the code. Therefore, if you open the apk file through the archiver and find the script, then the attacker will be able to use my access key. How can I defend myself in this case to keep the application working?

  • no way. if need be decrypted. or just look at the network traffic. Transfer this functionality to your own server. - Mikhail Vaysman
  • @Mikhail Vaysman depending on how to encrypt "if they need to be decrypted" - MoJlo4HuK
  • @ MoJlo4HuK decryption key must be stored in the application. If the key is available, then the reliability of any cipher is close to zero. - Mikhail Vaysman
  • @Mikhail Vaysman Amen :) - MoJlo4HuK

0