3 Ways to Secure Secret Keys in Android

As an Android developer, it’s important to keep sensitive information like secret keys safe from prying eyes. Secret keys are used to authenticate and authorize access to various services (i.e crash reporting, map, remote logging etc..), and if they fall into the wrong hands, it can lead to security breaches and data theft. In this blog post, we will explore some techniques for hiding secret keys in Android app code.

Photo by Michael Dziedzic on Unsplash

1. Secrets Gradle Plugin for Android

This plugin is mainly for hiding secret keys from version control. You might have an open source project, and with the help of this plugin, you could hide your secret keys of your public project. This plugin provides a convenient and secure way to store sensitive information such as API keys, passwords, and tokens, without having to directly include them in your app code.

The Secrets Gradle Plugin works by allowing you to define secret values in a separate properties file, which is not included in your app code. You can then reference these secret values in your app code using Gradle properties, which are dynamically resolved at build time.

To use the Secrets Gradle Plugin in your Android app, you can follow these steps:

1. Add the Secrets Gradle Plugin to your project’s root build.gradle as a dependency: