我在应用程序中有一段代码,它在运行时检索应用程序证书并将其用作加密某些机密信息的密钥。Android apk安全性如何安全
某些攻击者是否有可能通过反编译我的代码来获取该证书byte[]
或者该证书是否仅对我的应用程序可见?
这里是我拿到证书:
PackageManager pm = this.getPackageManager();
String packageName = this.getPackageName();
int field = PackageManager.GET_SIGNATURES;
PackageInfo packageInfo;
packageInfo = pm.getPackageInfo(packageName, field);
Signature[] signatures = packageInfo.signatures;
// and here we have the DER encoded X.509 certificate
byte[] certificate = signatures[0].toByteArray()