Is it possible? I want my application to use Facebook authentication, but for that I need an app secret. From what I read, the best way available for keeping it secured is to use SharedPreferences, but how can I put it there before using it? If I include it in the source code, it might be discovered by decompilation, so is there a way to put it in the APK and make it be written to SharedPreferences during installation? (I suppose the APK can also be hacked, but it may be harder, I really don't know...) Thanks for any help.
As far as I know, Android obfuscates your code using ProGuard. This will not be secured enough if someone is REALLY looking for the secret key.
You can make their job harder by encrypting your key inside another key. However, this is as secure as you could get to.
Regarding the security of the SharedPreference class, There is a secure implementation of it. ObscuredSharedPreferences is a custom SharePreference class that supports encryption but it still not secure 100%