Hello all developers, from many years I have seen app developers want solution to keep their api key and any other key secure within the app and you all know all developers using ‘Obfuscation’ which can be hacked by any professional by reverse engineering the apk.
For this problem our team develop extensions for every developer with different pattern for encryption and decryption which will convert all letters (alphabets, numbers and symbols everything into something else which nobody can understand and decode)!. If you want to secure your app you can PM me.
Ads extensions are already in the market, right now we’ve 100% hackproof method ready (our extension) to keep safe api key, aes key & other data within the app. If anyone running financial app or any other security required app then he/she can dm.
The extension is itself a premium one! we cannot provide it without payment, but we can provide you an apk in which we put an api key and you can see that api key by clicking a button but you will not be able to extract that api key by any means or tools to explore apk data. Cost of our extension is $25 or Rs.2000 only. Any interested developer can dm to test (reverse engine) the apk.
When you communicate with an API over HTTPS, the data is encrypted during transmission, making it significantly impossible for someone to intercept and read the contents of the requests.
The important thing is to protect the key or data within the app and that’s why we have developed this extension.
We are providing this extension with different encryption algorithm for each buyer so that there will be 100% protection of the data.
We will provide apk with two text box, in 1st
text box paste your key/data
click button which will generate encrypted and
protected data
now copy from textbox2 and enter manually the
encrypted key/data using unprotect function
Build your apk, now nobody in this world can
get your api key, base id, table name etc. OR
if you want to use same data in various screens
just use tiny Db (IMPORTANT: In tiny db store
only protected data, i.e. data from protect
function.
The blocks provided above are only for usages where protect and unprotect functions used in one app. Use of this extension is not like that! use one app to use protect function and use unprotect function in another app.
Airtable, firebase RDB doesn’t encrypt data their own, when you make http request your api key will be available in that request. In your own example keys are vulnerable, anybody can get airtable and firebase api key.
No, not like that! What you will intercept during connection is URL’s only, all other things via Https are encrypted. If you are using firebase real time database and rules tehreon are true for r/w then your database can be compromised. We need to protect or encrypt only those things which can provide access over database not any other reference to the db. API key cannot be intercepted during the connection either for Airtable or Firebase unless extracted from apk.
keys are vulnerable, anybody can get airtable and firebase api key.
please see the bottom line of edited main post.
We have used our extension in this app (attached apk) to protect API key, Base Id, Table Name & Column name of airtable database. No obfuscation is used. Data is retrieved & updated to Airtable in this app. Now you can try to hack this app in which everything is placed inside the apk with encryption (protected using our “Data Encryptor” extension). Extract API key, Base Id, Table Name and change first three entries namely ‘data1’, ‘data2’ & ‘data3’. All developers/hackers are welcome to try to hack this app!
Dear user, you can see in this post ‘Mr.Sumit’ has told us using http interception API keys & other data which transfers over web can be intercepted & he did what he said. So, we are making it more secure so that no app can be hijacked and every developer must keep their API keys and other data 100% secure and encrypted. We request you to wait for some time, we are updating this extension with more security.
Hi Sumit, we have made some changes in our “APIProtector” extension. Now this extension will find rooted device and if rooted or android version is lower than Android-8 i.e. API level 26 then stops the user to go ahead. In this app we have used another Airtable Database, now I request you to Intercept web request using tools available to hack the app and extract out the Airtable API key, Base ID, Table Name & Column Name.