android security gradle android-ndk android-security

Android - Best way to hide API clientId & clientSecret

I would like to have your opinion on the best way to hide an API key and secret key.

I found 2 ways :

Use NDK like that : https://medium.com/@abhi007tyagi/storing-api-keys-using-android-ndk-6abb0adcadad
Use Gradle like that : http://www.techjini.com/blog/securing-api-key-and-secret-key-in-android

I know that risk 0 does not exist but what is the most secure solution ?

Thank in advance

Solution

The NDK seems like your best bet, although not being 100% secure, but it sure is hard to reverse engineer. The gradle way doesn't seem secure at all.

For obfuscation and encryption purposes, you could also take advantage of DexGuard.

How to access a viewmodel as a function argument?
Jetpack Compose: How to correctly force recompose when mutableStateOf object is changed from viewModel?
ViewPager2, get current page viewholder
java.net.ConnectException: failed to connect to /192.168.253.3 (port 2468): connect failed: ECONNREFUSED (Connection refused)
opencv deskewing a contour
Firebase throws "Given sign-in provider is disabled for this project" error when I try to sign up user via app but able to add user via console
Execution failed for task ':app:checkReleaseDuplicateClasses'
Wireless Debugging not working in Android Studio on MAC
How to publish maven library into GitHub Actions locally?
Android emulator not starting at all
MotionEvent changes from ACTION_UP to ACTION_DOWN
Need to hide content of program from Android "Overview Screen"
How to add a quick settings android tile immediately after app install
Creating initial SQLiteDatabase when app is installed
java.lang.IllegalStateException: CompositionLocal LocalLifecycleOwner not present
Run emulator android and docker for windows
Retrofit error-Missing either @GET URL or @Url parameter
Xiaomi, Redmi, Android. Error in Logcat: W PowerChecker.Controller: autoKillApp, calling ProcessManager uid = 10289, pkg = com.termux
Error: Could not find or load main class worker.org.gradle.process.internal.worker.GradleWorkerMain
LinkageError: Method onCreate overrides final method
Firebase App Check error in Flutter's Android Release Builds
com.google.android.play:core has added this note for core:1.8.0 - but app version is very old in email
How to view AndroidManifest.xml from APK file?
Is there a way In Android to listen to Audio Volume Changes only?
What should be the image/bitmap size in Android BigPictureStyle push notification?
buildToolsVersion and compileSdkVersion had been deprecated
Is there some library available for IQR-Codes (not QR-Codes)?
Intent.createChooser doesn't show image or file name
How to change parameters in retry request after error in RxJava
Issue with Retrofit @Path Annotation: API Call Fails to Fetch Data