Android applications security — part 1, reverse engineering and token storage problems
Regardless of how much we will try to protect our applications against the unauthorized use of our secret key, a potential attacker with the appropriate knowledge and tools will not have much difficulty in reading its value. Therefore, the only reasonable way to protect our key is to never let it touch our application.
There are many ways you can store keys and tokens in your Android applications — directly in the code, inside your database or by using NDK layer. But in terms of security — should you do it at all?