I'm programming an Android app in Java, and part of the app sends an email from my email account to another email account. I'm using JavaMail to achieve this.
It's all working very well, except my password for the email account that I'm sending from is hardcoded into a variable in my program. I don't want to user to be able to access this variable. Do I need to encrypt it? How would I go about doing that? Is there a way to configure JavaMail so I don't have to store my password anywhere on the device?
Here is the code that I'm using to store the email and password. It's just static variables in their own class:
public class Config {
public static final String EMAIL ="[email]@gmail.com";
public static final String PASSWORD ="[password]";
}
I've tried activating two-factor authentication on the account, but JavaMail fails in that case.
I don't want to go into the specifics of the app, but no one outside of my home city would have any reason to ever download this app. It's for an entirely local purpose. It's a password that I've never used anywhere else and it's an email account that I made specifically for this application, so I'm not taking a major risk here. I would still like to be as safe as possible.
If you hard-code your password into the program there's no way to prevent someone from getting it out if they want to.
Instead of sending the email from the app, you could set up a web server that the app can connect to. If sending the email is a must you can then send the email from this web server. This way the credentials are on your private server rather than on the app you send to everyone.