How To Conceal A Constant String In Your Android Code

Excellence is not enough!

How To Conceal A Constant String In Your Android Code

There are times that you need to put a valuable constant (like a password or a tokens ,etc… ) into you code , but in other hands your valuable data could be read so easily by decompiling the java code . so how to have constants into your code without exposing it to strangers .

The answer is our old friend , C++ !;

By putting your constants into a C++ file , the attacker have to reverse engineer binary code that is so harder to accomplish .

Attention : It’s not impossible to extract a constant from a binary file , and to be tact it’s not so hard but it is far better to left the constants revealed in your code .


Let’s start tutorial , first integrating ndk into your code :

From google docs ; to compile and debug native code for your app, you need the following components:

  • The Android Native Development Kit (NDK): a toolset that allows you to use c and c++ code with android, and provides platform libraries that allow you to manage native activities and access physical device components, such as sensors and touch input.
  • CMake: an external build tool that works alongside Gradle to build your native library. You do not need this component if you only plan to use ndk-build.
  • LLDB: the debugger Android Studio uses to debug native code.

Download and install these tools easily by using android sdk manager , i think at most it contains 1 gb of data .

you Can See More Details From Google Docs



For existing projects create a cpp directory by right click on the root directory in the project pane and selecting new directory name it “cpp” , then right click on cpp folder and create a new c/c++ source file , enter your desired name such as constants , from the type drop-down menu, select the file extension for your source file, such as .cpp . now you have a c++ file to add what ever you want to it.

For New Projects Follow This Google Doc To Continue .

Second step connecting android java code to native c++ , here is how :

Create a folder named jni under src/main :


Create a file named “” under “jni” folder and put these lines to it :

LOCAL_PATH := $(call my-dir)

include $(CLEAR_VARS)

LOCAL_SRC_FILES := Constants.c


Notice That next to the local_src_files I put the c++ file name and next to the local_module I put cpp folder that I’ve created so far , don’t mistake.

Then create and add “application.Mk” file under “jni” folder with the following content:

APP_ABI := all


is for setting different application binary interface or abi. in above case, it is set for all types. more details can be found at

and finally go to c++ file you have created . for me it is constants.c and put code like below:

#include <jni.h> jstring 
BASE_URL = "" ; 
JNIEXPORT jstring JNICALL Java_geeks_ir_aria_data_ServiceGenerator_getBaseUrl(JNIEnv *env, jclass type) 
    return (*env)->NewStringUTF(env, BASE_URL); 


Java_geeks_ir_aria_data_ServiceGenerator_getBaseUrl represents the java code with package name “geeks_ir_aria” followed by package name data and activity/class name ServiceGenerator and native method name getBaseUrl .

So we have the c++ file completed now i have to go to desired class to implement native method .

I jump to data.servicegenerator class to implement native method :

First off before calling native method i have to call :


And finally i define a native method with this method name : getBaseUrl

private static native String getBaseUrl();

Thats It now you have your constants concealed in a file that’s not exposed in your java file.

Attention : to make it easier to create native methods in android studio first you can make a native method like this :

private static native String getBaseUrl();

In your java class and then android studio automatically creates c++ code for you like :

Java_alihadi_ir_hadi_data_ServiceGenerator_getBaseUrl(JNIEnv *env, jclass type) {

    // TODO

    return (*env)->NewStringUTF(env, BASE_URL);

That’s It , Hope You Make Use Of This Article.

For More You Can Look At This Article On Too .


Comments are closed.