Encrypt Strings.xml to Protect Data in Android Apps

Learn 3 Easy Steps to Encrypt Strings.xml in Android apps. This protects sensitive string data stored in Android apps

The soft belly of any application are the strings and resources that can be easily understood from the application without using specialized tools, for example phrases, URLs, tokens, passwords etc. Unlike the java strings and the assets folder which are encrypted by Appdome Strings and Resources encryption, the string resources, usually under strings.xml file, can’t be encrypted on the device because the OS needs to access it. This KB article provides step by step instructions on how to encrypt Sensitive strings.xml values in Android apps.

To provide our customers overall security protection of their Android app, Appdome’s XMLEncrypt™ service encrypts the sensitive strings stored in the localizable locations in Android. Now you can easily enhance the security of your app against malicious attempts to read the app’s content.

We hope you find it useful and enjoy using Appdome!

Why Encrypt Strings.xml in Android Apps?

In Android apps, the strings.xml is often used by the OS (i.e. to show the application display name and to hold the localizable string resources). Additionally, it is common for mobile app developers to store all the app strings including sensitive data and values inside this folder. Since the strings.xml file can’t be encrypted as a whole, Appdome’s XMLEncryptTM   provides a way for customers to encrypt all the sensitive strings in the strings.xml folder that are not used in the app manifest or by the OS.

As seen in the screenshot below the XMLEncryptTM service replaces the sensitive strings with XXXX. Strings from the android support library and other google public libraries will not be encrypted.

Appdome is a no-code mobile security and development platform that enables anybody to add a wide variety of security features, SDKs, and APIs to Android and iOS apps. Using a simple ‘click to add’ user interface, Appdome allows anyone to easily integrate strings, resources, and in-App preferences encryption to any mobile app – instantly, no code or coding required.

Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. The Appdome technology adds strings and resources encryption alongside relevant standards, frameworks and more to the app automatically, with no manual development work at all.

How to Encrypt Strings.xml using Appdome

Follow these 3 easy steps to Encrypt Strings.xml

Start by adding a mobile app to your Appdome account. If you don’t have an Appdome account, click here to create an account.

  1. Click Build, then select Security
  2. Switch on XMLEncryptTM
  3. Click Build My App. encrypt strings.xml in android apps

Prerequisites for XMLEncrypt:

In order to use Appdome’s no code implementation of XMLEncrypt, you’ll need:

  • Appdome account – IDEAL level account.
  • Appdome-DEV access
  • Mobile App (.ipa for iOS, or .apk or .aab for Android)
  • Signing Credentials (e.g., signing certificates and provisioning profile)

After Building Your App on Appdome

After successfully building the app, the app needs to be signed in order to deploy it.  Optionally,  you can also brand or customize apps using Appdome. Read this KB article to learn how to sign, customize, brand, and deploy apps using Appdome.

How Do I Learn More?

Check out Appdome’s TOTALData Encryption or request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Gil Hartman

Have a question?

Ask an expert

EnrikaMaking your security project a success!