Hackers Get My Mysql database key & url by decompiling the apk

Hi please help me is there was any way to hide our mysql key and url from hackers.

Hackers decompile & take my app all details of mysql and creates script from which user can add unlimited coins in their account…

Thats whay i cant judge whe is real user and who is feak.

Give me any way to secure & hide my mysql key from hackers…

I have used deephost mysql extension…

i have same quetion .
i have an idea , you should use “set database URL” & “set database Key” Blocks and get value from firebase databse its more secure.
sorry for my bad english , i dont speak it.

You could try



Greetings @FFi_Sumit ,

You can try obfuscated text component which is avilable on strings section at Kodular blocks. This provides an addictional layer of security to your mysql keys which will be bit hard to find when decompiling the application. I hope this helps.

Kind Regards,

Are you sure about that?

1 Like

Yup, I have tried to decompile my own application. It was not showing the exact keys when I used obfuscated text. It seems like basic salting which brings an additional layer of security.

1 Like

The obfuscate text provides a very little security, it’s not that hard to break it.
It’s just that when you use Obfuscate text block, strings will not be in the original form.


Well, if you believe that using this block will secure your application, then go ahead.

1 Like

My man, never ever store any passwords, especially database passwords, inside your app! It is incredibly easy to read, even if you obfuscate it. If you need to manage that kind of stuff using a server, write a PHP script. Users will still be able to give themselves infinite points, but at least they wont be able to delete other users points.

Right, as you said when we decompile the apk the keys won’t be on it’s original form. That makes it harder for hackers to decode the keys.

Nothings is secure in the internet world. Security here refers to the total time taken to crack.

Let’s read the AppInventor documentation.

Warning: This provides only very low security against expert adversaries

Does it make it harder to decompile? Maybe. But is it effective? Probably not.

Eh, storing passwords for databases in software you ship out still is propably the worst thing you can do. That argument really does not make sense in that context. I mean if you want literally everyone to be able to clear your databases, sure, ship it out. But if you want to minimize damages, do the processing server side. And if you want to be literally everyone (from indie dev to AAA companies) do your processing server side! It’s not that hard to figure out