I have signed up for the Android Backup Service, and have been given a key to put in my AndroidManifest.xml. My application is open source, but I do not want to have the key publicly visible in my repository. How should I encrypt the key so that is decryptable only in my application?
My application is open source, but I do not want to have the key publicly visible in my repository.
Put the key in a string resource, in a separate resource file (e.g., res/values/omg_do_not_commit_this_to_the_repo.xml). Then, do not commit that file to the repo (e.g., if you are using Git, add the file to .gitignore).