I am working on a project which requires the secret key to be hidden somewhere in the Android app, so that it can't be taken out even after decompilation. The requirement even states that the key should not be visible to the developer, that means it should be embedded into some pre-compiled library. I have tried the following things:
Making Jar and obfuscating the jar, Which becomes unusable after that. And its useless method to work with Strings (it doesn't encrypt Strings).
Making C library and using that library(NDK). The strings can be easily read using linux commands. Example: '$ strings '.
I am trying to find out other ways by which this can be done. Please help me with this. If you have any idea, please share. I would be more than obliged.
Thanks.
It's a hard problem. You're fighting a battle against reverse engineering your application. There are tools that are build for this, notably DexGuard and Arxan. Arxan is really, really clever, but it will cost a lot more than a solution like DexGuard.