This is a sample code demonstrating how to keep secured values inside of C++ NDK library under the protection of signing certificate.
- Implementation of C++ NDK library inside of Kotlin App
- How to make use of signing certificate to protect secret values.
- How to call native library methods inside of a Kotlin class
- How to invoke Java framework methods from inside of NDK library
- How to implement C++ classes wrapping Java objects
Configured with:
- C++
- Kotlin
- Gradle
- NDK
- Makefile
Suppose, you come across a development task where you need to keep a build time secret value inside of your app code. And you do not want to hardcode it in Kotlin or Java code since a hacker can retrieve it by reverse-engineering the app code. AND Of course, you do not want to pay to App Shielding solutions for protecting your data :)
Reverse engineering Kotlin/Java code is very easy compared to C++ code. If we want to keep secret values relatively more secure. we can keep them inside of the NDK C++ code layer and Kotlin app code can get them by calling the native function exposed by the NDK library.
How to keep values securely inside of C++ code:
Keeping the secret values inside the C++ NDK library is not enough because anyone can load the library (System.load library("keyholder-lib") and call the native method to retrieve so-called secret values. An important part of this solution is to keep secret values securely inside the C++ code. This can be done by making sure, the caller code is signed with a known signing certificate. If the signing certificate of caller code matches with the expected certificate inside the NDK layer only then it return the secret value to caller code.
- Secret values inside of C++ code can be kept as XOR values. Before returning to app layer they can be decrypted to original values.
- To help the development phase, we can have variant implementation of keyholder library depending on Debug or Release builds.