I’m a complete novice when it comes to SSL and security in general. I found the following example on how to load a keystore for trusting custom SSL certificates (this is using Apache HTTPClient, btw):
```java
import java.io.InputStream;
import java.security.KeyStore;

import org.apache.http.conn.ssl.SSLSocketFactory;

// Builds an Apache HttpClient socket factory that trusts only the certificates
// in the bundled BKS store (res/raw/mystore). `context` is an Android Context
// held by the enclosing class.
private SSLSocketFactory newSslSocketFactory() {
    try {
        // BKS is the BouncyCastle store format Android ships with.
        KeyStore trusted = KeyStore.getInstance("BKS");
        InputStream in = context.getResources().openRawResource(R.raw.mystore);
        try {
            // The store password is hard-coded here; this is what the question asks about.
            trusted.load(in, "ez24get".toCharArray());
        } finally {
            in.close();
        }
        // Use the loaded store as the trust store for TLS connections.
        return new SSLSocketFactory(trusted);
    } catch (Exception e) {
        throw new AssertionError(e);
    }
}
```
I guess you’d need access to the device in order to modify the keystore, but still… isn’t there a problem with the fact that the keystore password (“ez24get”) is readily available in the code? What would it take to compromise an application containing this code?
If it is a risk you are willing to take.
Anyone with enough determination to decompile your code could get it. Even if you obfuscate your code, you still run the risk since all they need to do is find the string.
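What the hard-coded store password actually guards, as an added example that is not part of the question or the answer above. It assumes a plain JDK with `keytool` on the PATH and uses the JKS format instead of Android's BKS so it runs outside Android; the alias `demo`, the file names and the throw-away certificate are constructed for the demo. A trust store holds only public certificates, and for JKS the store password is a key for an integrity MAC over the file: the correct password verifies it, a wrong one makes `load()` throw, and a null password skips the check and reads the certificates anyway.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.cert.Certificate;
import java.util.Collections;
import java.util.List;

/**
 * Added example, not code from the question. Shows that the password of a
 * trust store protects the file's integrity, not the secrecy of its contents.
 * Assumes `keytool` (shipped with every JDK) is on the PATH.
 */
public class TrustStorePasswordDemo {

    // The hard-coded password from the question.
    static final String PASSWORD = "ez24get";

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("tsdemo");
        Path keyStore = dir.resolve("server.jks");
        Path cert = dir.resolve("server.cer");
        Path trustStore = dir.resolve("mystore.jks");   // plays the role of R.raw.mystore

        // 1. Throw-away self-signed certificate (constructed sample, CN=demo).
        run("keytool", "-genkeypair", "-alias", "demo", "-keyalg", "RSA", "-keysize", "2048",
            "-dname", "CN=demo", "-validity", "1", "-storetype", "JKS",
            "-keystore", keyStore.toString(), "-storepass", PASSWORD, "-keypass", PASSWORD);
        run("keytool", "-exportcert", "-alias", "demo", "-file", cert.toString(),
            "-keystore", keyStore.toString(), "-storepass", PASSWORD);

        // 2. A trust store containing only that public certificate.
        run("keytool", "-importcert", "-noprompt", "-alias", "demo", "-file", cert.toString(),
            "-storetype", "JKS", "-keystore", trustStore.toString(), "-storepass", PASSWORD);

        // 3. Correct password: the integrity MAC is verified and the store loads.
        System.out.println("correct password -> " + aliases(load(trustStore, PASSWORD)));

        // 4. Wrong password: the MAC check fails and load() throws IOException.
        try {
            load(trustStore, "not-the-password");
        } catch (IOException e) {
            System.out.println("wrong password   -> " + e.getMessage());
        }

        // 5. No password at all: JKS skips the integrity check, and the public
        //    certificates load anyway. The password never hid the store's content.
        KeyStore unchecked = load(trustStore, null);
        System.out.println("null password    -> " + aliases(unchecked));
        Certificate c = unchecked.getCertificate("demo");
        System.out.println("certificate type -> " + c.getType());
    }

    // Loads a JKS store with the given password, or with no password when null.
    static KeyStore load(Path file, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password == null ? null : password.toCharArray());
        }
        return ks;
    }

    static List<String> aliases(KeyStore ks) throws KeyStoreException {
        return Collections.list(ks.aliases());
    }

    // Runs keytool and fails loudly if it does not exit with status 0.
    static void run(String... cmd) throws Exception {
        Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();
        String out = new String(p.getInputStream().readAllBytes());
        if (p.waitFor() != 0) {
            throw new IllegalStateException(String.join(" ", cmd) + "\n" + out);
        }
    }
}
```

The same distinction is worth keeping in mind for the Android app: knowing `ez24get` lets someone open or rewrite a copy of `mystore` they already have, but the certificates inside were never secret, and to make the app use a modified store they would still have to replace the resource in the package itself. Whether BouncyCastle's BKS loader treats a null password the same way as JKS is not shown here.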