static final String ANDROID_KEY_ALIAS_PASSWORD
Monkey Targets Forums/Android/static final String ANDROID_KEY_ALIAS_PASSWORD
| ||
static final String ANDROID_KEY_ALIAS_PASSWORD="..."; static final String ANDROID_KEY_STORE_PASSWORD="..."; I don't think these strings need to be passed to the MonkeyGame.java file? Potential security liability if people are not using unique passwords? |
| ||
For anyone who doesn't know, Android files can be decompiled very easily. There are online services that do it for free http://www.decompileandroid.com/ If you use this to test you'll find they end up in MonkeyConfig.java Two problems with this 1 if people mistakenly use common passwords and happen to use them here they could be in big trouble 2 if people know enough about you they could potentially create a new keystore that they could use for malicious purposes, would defeat the purpose of signing apks in the first place. Having this liability defeats the convenience of signing by including these lines in the source. There should be a way to filter these things out from ending up in the final source as there is no good reason for them to get there. Maybe double hash/pound or pound at end of line. |