I have ‘secured’ the communication between my android application and a tls server providing

Question

0

Asked: May 27, 20262026-05-27T00:13:12+00:00 2026-05-27T00:13:12+00:00

I have ‘secured’ the communication between my android application and a tls server providing

0

I have ‘secured’ the communication between my android application and a tls server providing a financial transaction service, currently in development.

The security credentials are stored in a BKS keystore included in the Android apk. The password to the keystore is visible in plain text in the application source:

keyStore.load(is, "passwd".toCharArray());

I am concerned that if someone was to reverse engineer the app, they would be able to impersonate another user and compromise the security of the service.

I was wondering whether there is a fault in my implementation, if anyone else has this concern, and what the best method of securing against this possibility is.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-27T00:13:13+00:00

Editorial Team

2026-05-27T00:13:13+00:00Added an answer on May 27, 2026 at 12:13 am

I believe that Diffie-Hellman Key Exchange is what I was looking for. I’d rather not have to re-implement my own version of DH using a complicated process which involves the user.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I have ‘secured’ the communication between my android application and a tls server providing

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply