Java – How to hide the public key on Android?

How to hide the public key on Android?… here is a solution to the problem.

How to hide the public key on Android?

Android’s security manual says that it is not safe to save the public key (for the Android market) only as a string and should be hidden/encoded somehow.
Can someone give me an example of how to do it?

(I don’t have a separate server, so I can’t store it there).

Update. Believe, this is a very common task, not related to Android, but also related to other applications.

Solution

The text is frompage you linked toThis is:

Important: To keep your public key safe from malicious users and
hackers, do not embed your public key as an entire literal string.
Instead, construct the string at runtime from pieces or use bit
manipulation (for example, XOR with some other string) to hide the
actual key. The key itself is not secret information, but you do not
want to make it easy for a hacker or malicious user to replace the
public key with another key.

That’s pretty much all you need to know. It doesn’t hurt someone who knows your public key, the potential harm here is someone replacing the public key in your program with their own public key in order to transfer in-app purchases to their own account.

They recommend that you make it more difficult for attackers by storing the key in a separate fragment or XORing the key with other strings. Now, not only are they going to paste their key onto yours, but they also have to figure out what conversion you’ve done with the string and make their own key fit the pattern. That’s more work that might stop the occasional attacker, but not the really determined one.

Related Problems and Solutions