First release for the dummy app to hide secrets in Android.

Signed-off-by: Paulo Silva <[email protected]>

.gitignore

@@ -0,0 +1,14 @@
+*.iml
+.gradle
+/local.properties
+/.idea/caches
+/.idea/libraries
+/.idea/modules.xml
+/.idea/workspace.xml
+/.idea/navEditor.xml
+/.idea/assetWizardSettings.xml
+.DS_Store
+/build
+/captures
+.externalNativeBuild
+.local/

README.md

@@ -5,4 +5,39 @@ A quick demo to show several ways of hiding secrets in a mobile app, like in:
 * source code
 * manifest file
 * gradle file
-* NDK
+* JNI/NDK
+
+
+## SETUP
+
+To set the API key for `GRADLE_ENV_API_KEY`:
+
+```bash
+$ export GRADLE_ENV_API_KEY=$(echo "api-key-for-gradle-file-from-env" | openssl dgst -binary -sha256 | openssl enc -base64)
+$ echo $GRADLE_ENV_API_KEY
+srqGFqMm23R6A7YJbAEmKRuSQ6TWnLq3YNtAWbEoSuE=
+```
+
+To set the API key for `JNI_API_KEY`:
+
+```bash
+$  cp -v app/src/main/cpp/api_key.h.example app/src/main/cpp/api_key.h
+'app/src/main/cpp/api_key.h.example' -> 'app/src/main/cpp/api_key.h'
+```
+
+Now edit the file `app/src/main/cpp/api_key.h` and look for the palce holder
+`ANDROID_HIDE_SECRETS_API_KEY_H` and replace its dummy value
+`place-the-api-key-here` with your desired API key, maybe like:
+
+```bash
+echo "api-key-for-the-jni-file" | openssl dgst -binary -sha256 | openssl enc -base64
+yDbx5R+a6zJ3H76iU9YB9U0GY6DjZ4FiWFb8vCMCdLg=
+```
+
+## RUN
+
+Just start your Android Studio and build and run this project as usual for any
+other mobile app.
+
+The app is a dummy one that only shows in the main screen all API keys hidden in
+the code, just to prove that we can retrieve them.

app/.gitignore

@@ -0,0 +1 @@
+/build

app/build.gradle

@@ -0,0 +1,49 @@
+apply plugin: 'com.android.application'
+
+android {
+    compileSdkVersion 28
+    defaultConfig {
+        applicationId "com.criticalblue.androidhidesecrets"
+        minSdkVersion 15
+        targetSdkVersion 28
+        versionCode 1
+        versionName "1.0"
+        testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
+        resValue "string", "GRADLE_API_KEY", 'YXBpLWtleS1zdG9yZWQtaW4tZ3JhZGxlLWZpbGUK'
+        manifestPlaceholders = [GRADLE_API_KEY_PLACEHOLDER: "YXBpLWtleS1wbGFjZWhvbGRlci1pbi1ncmFkbGUtZmlsZQo="]
+        resValue "string", "GRADLE_ENV_API_KEY", "$System.env.GRADLE_ENV_API_KEY"
+        externalNativeBuild {
+            cmake {
+                cppFlags ""
+            }
+        }
+    }
+    buildTypes {
+        release {
+            debuggable false
+            minifyEnabled true
+            shrinkResources true
+            proguardFiles getDefaultProguardFile('proguard-android-optimize.txt'), 'proguard-rules.pro'
+        }
+        debug {
+            debuggable true
+            minifyEnabled true
+            shrinkResources true
+            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
+        }
+    }
+    externalNativeBuild {
+        cmake {
+            path "src/main/cpp/CMakeLists.txt"
+        }
+    }
+}
+
+dependencies {
+    implementation fileTree(dir: 'libs', include: ['*.jar'])
+    implementation 'com.android.support:appcompat-v7:28.0.0'
+    implementation 'com.android.support.constraint:constraint-layout:1.1.3'
+    testImplementation 'junit:junit:4.12'
+    androidTestImplementation 'com.android.support.test:runner:1.0.2'
+    androidTestImplementation 'com.android.support.test.espresso:espresso-core:3.0.2'
+}

app/proguard-rules.pro

@@ -0,0 +1,21 @@
+# Add project specific ProGuard rules here.
+# You can control the set of applied configuration files using the
+# proguardFiles setting in build.gradle.
+#
+# For more details, see
+#   http://developer.android.com/guide/developing/tools/proguard.html
+
+# If your project uses WebView with JS, uncomment the following
+# and specify the fully qualified class name to the JavaScript interface
+# class:
+#-keepclassmembers class fqcn.of.javascript.interface.for.webview {
+#   public *;
+#}
+
+# Uncomment this to preserve the line number information for
+# debugging stack traces.
+#-keepattributes SourceFile,LineNumberTable
+
+# If you keep the line number information, uncomment this to
+# hide the original source file name.
+#-renamesourcefileattribute SourceFile

app/release/output.json

@@ -0,0 +1 @@
+[{"outputType":{"type":"APK"},"apkInfo":{"type":"MAIN","splits":[],"versionCode":1,"versionName":"1.0","enabled":true,"outputFile":"app-release.apk","fullName":"release","baseName":"release"},"path":"app-release.apk","properties":{}}]

app/src/androidTest/java/com/criticalblue/androidhidesecrets/ExampleInstrumentedTest.java

@@ -0,0 +1,26 @@
+package com.criticalblue.androidhidesecrets;
+
+import android.content.Context;
+import android.support.test.InstrumentationRegistry;
+import android.support.test.runner.AndroidJUnit4;
+
+import org.junit.Test;
+import org.junit.runner.RunWith;
+
+import static org.junit.Assert.*;
+
+/**
+ * Instrumented test, which will execute on an Android device.
+ *
+ * @see <a href="http://d.android.com/tools/testing">Testing documentation</a>
+ */
+@RunWith(AndroidJUnit4.class)
+public class ExampleInstrumentedTest {
+    @Test
+    public void useAppContext() {
+        // Context of the app under test.
+        Context appContext = InstrumentationRegistry.getTargetContext();
+
+        assertEquals("com.criticalblue.androidhidesecrets", appContext.getPackageName());
+    }
+}

app/src/main/AndroidManifest.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="utf-8"?>
+<manifest xmlns:android="http://schemas.android.com/apk/res/android"
+    package="com.criticalblue.androidhidesecrets">
+
+    <application
+        android:allowBackup="false"
+        android:icon="@mipmap/ic_launcher"
+        android:label="@string/app_name"
+        android:roundIcon="@mipmap/ic_launcher_round"
+        android:supportsRtl="true"
+        android:theme="@style/AppTheme">
+        <meta-data
+            android:name="MANIFEST_API_KEY"
+            android:value="YXBpLWtleS1zdG9yZWQtaW4tbWFuaWZlc3QtZmlsZQo="/>
+        <meta-data
+            android:name="GRADLE_API_KEY"
+            android:value="@string/GRADLE_API_KEY" />
+        <meta-data
+            android:name="GRADLE_API_KEY_PLACEHOLDER"
+            android:value="${GRADLE_API_KEY_PLACEHOLDER}" />
+        <meta-data
+            android:name="GRADLE_ENV_API_KEY"
+            android:value="@string/GRADLE_ENV_API_KEY" />
+        <activity android:name=".MainActivity">
+            <intent-filter>
+                <action android:name="android.intent.action.MAIN" />
+
+                <category android:name="android.intent.category.LAUNCHER" />
+            </intent-filter>
+        </activity>
+    </application>
+
+</manifest>

app/src/main/cpp/.gitignore

@@ -0,0 +1 @@
+api_key.h

app/src/main/cpp/CMakeLists.txt

@@ -0,0 +1,44 @@
+# For more information about using CMake with Android Studio, read the
+# documentation: https://d.android.com/studio/projects/add-native-code.html
+
+# Sets the minimum version of CMake required to build the native library.
+
+cmake_minimum_required(VERSION 3.4.1)
+
+# Creates and names a library, sets it as either STATIC
+# or SHARED, and provides the relative paths to its source code.
+# You can define multiple libraries, and CMake builds them for you.
+# Gradle automatically packages shared libraries with your APK.
+
+add_library( # Sets the name of the library.
+        native-lib
+
+        # Sets the library as a shared library.
+        SHARED
+
+        # Provides a relative path to your source file(s).
+        native-lib.cpp)
+
+# Searches for a specified prebuilt library and stores the path as a
+# variable. Because CMake includes system libraries in the search path by
+# default, you only need to specify the name of the public NDK library
+# you want to add. CMake verifies that the library exists before
+# completing its build.
+
+find_library( # Sets the name of the path variable.
+        log-lib
+
+        # Specifies the name of the NDK library that
+        # you want CMake to locate.
+        log)
+
+# Specifies libraries CMake should link to your target library. You
+# can link multiple libraries, such as libraries you define in this
+# build script, prebuilt third-party libraries, or system libraries.
+
+target_link_libraries( # Specifies the target library.
+        native-lib
+
+        # Links the target library to the log library
+        # included in the NDK.
+        ${log-lib})

app/src/main/cpp/api_key.h.example

@@ -0,0 +1,4 @@
+#ifndef ANDROID_HIDE_SECRETS_API_KEY_H
+#define ANDROID_HIDE_SECRETS_API_KEY_H "place-the-api-key-here"
+
+#endif //ANDROID_HIDE_SECRETS_API_KEY_H

app/src/main/cpp/native-lib.cpp

@@ -0,0 +1,16 @@
+#include <jni.h>
+#include <string>
+#include "api_key.h"
+
+extern "C" JNIEXPORT jstring JNICALL
+Java_com_criticalblue_androidhidesecrets_MainActivity_stringFromJNI(
+        JNIEnv *env,
+        jobject /* this */) {
+
+    // To add the API_KEY to the mobile app when is compiled you need to:
+    //   * copy `api_key.h.example` to `api_key.h`
+    //   * edit the file and replace this text `place-the-api-key-here` with your desired API_KEY
+    std::string JNI_API_KEY = ANDROID_HIDE_SECRETS_API_KEY_H;
+
+    return env->NewStringUTF(JNI_API_KEY.c_str());
+}