I am creating a mobile application (Android and iPhone) and plan to require client side SSL authentication. For this, my application has a baked client certificate file. On the Android side, this is a keystore containing a private key. Both keys and keys have a password.
My question is: how / where should I store passwords in the keystore and key?
The application code needs them to open the keystore when connecting SSL to the server, so they must be available for the application.
Should they be saved as tangled lines in the application source code? Or is there an even more generally accepted way (read: better) that I do not see this?
, , , (1) , (2) , , , . (2) , , ( ). (1), - , , , , - , ( , APK/, SharedPreference, .., , - .
, ; ( ..), . , , .
http://developer.android.com/guide/topics/data/data-storage.html
" SharedPreferences SQLite Android.
SQLite, iOS , .