Hi All,
Below is an excerpt from the AndroidAccountStore class, which is part of the Xamarin.Auth implementation.

    internal class AndroidAccountStore : AccountStore
    {
        Context context;
        KeyStore ks;
        KeyStore.PasswordProtection prot;
        static readonly object fileLock = new object ();
        const string FileName = "Xamarin.Social.Accounts";
        static readonly char[] Password = "3295043EA18CA264B2C40E0B72051DEF2D07AD2B4593F43DDDE1515A7EC32617".ToCharArray ();

As you have probably noticed, the implementation requires that the password for the KeyStore used on Android be hard-coded.
IMHO, the password could be retrieved using a disassembler, and that would make the keystore file easy to load and inspect.
Could anyone propose a different (more secure) approach?
Thanks!
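
One alternative to a compiled-in password, shown as an added example that is not part of the original post and is not Xamarin.Auth code: encrypt the serialized account data with an AES-GCM key generated inside the hardware-backed "AndroidKeyStore" provider. The class name `DeviceBoundProtector` and the key alias are hypothetical, and the sketch assumes Xamarin.Android targeting API level 23 or later.

```csharp
using System;
using Android.Security.Keystore;
using Java.Security;
using Javax.Crypto;
using Javax.Crypto.Spec;

// Hypothetical helper: no secret is compiled into the app, only a key alias.
static class DeviceBoundProtector
{
    const string Provider = "AndroidKeyStore";
    const string Alias = "example.accounts.key"; // assumed alias, pick your own
    const string Transformation = "AES/GCM/NoPadding";

    static IKey GetOrCreateKey ()
    {
        var ks = KeyStore.GetInstance (Provider);
        ks.Load (null); // the system keystore takes no file and no password
        if (!ks.ContainsAlias (Alias)) {
            var gen = KeyGenerator.GetInstance (KeyProperties.KeyAlgorithmAes, Provider);
            gen.Init (new KeyGenParameterSpec.Builder (Alias,
                    KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt)
                .SetBlockModes (KeyProperties.BlockModeGcm)
                .SetEncryptionPaddings (KeyProperties.EncryptionPaddingNone)
                .Build ());
            gen.GenerateKey (); // key material is created and kept by the keystore
        }
        return ks.GetKey (Alias, null);
    }

    // Output layout: [1 byte IV length][IV][ciphertext + 128-bit GCM tag]
    public static byte[] Protect (byte[] plaintext)
    {
        var cipher = Cipher.GetInstance (Transformation);
        cipher.Init (CipherMode.EncryptMode, GetOrCreateKey ());
        byte[] iv = cipher.GetIV (); // fresh IV chosen by the provider per call
        byte[] ct = cipher.DoFinal (plaintext);
        var blob = new byte[1 + iv.Length + ct.Length];
        blob[0] = (byte) iv.Length;
        Buffer.BlockCopy (iv, 0, blob, 1, iv.Length);
        Buffer.BlockCopy (ct, 0, blob, 1 + iv.Length, ct.Length);
        return blob;
    }

    public static byte[] Unprotect (byte[] blob)
    {
        if (blob == null || blob.Length < 2 || blob.Length < 1 + blob[0] + 16)
            throw new ArgumentException ("Truncated or malformed blob", nameof (blob));
        int ivLen = blob[0];
        var cipher = Cipher.GetInstance (Transformation);
        cipher.Init (CipherMode.DecryptMode, GetOrCreateKey (),
            new GCMParameterSpec (128, blob, 1, ivLen));
        return cipher.DoFinal (blob, 1 + ivLen, blob.Length - 1 - ivLen); // throws if tampered
    }
}
```

With this layout the key is generated on the device and is not exportable from the keystore, so disassembling the application binary yields only the alias string.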