π¨ My #dcldn25 talk is now LIVE π¨
Going Beyond Obfuscation: Advanced Techniques for Protecting Android Apps
Ed :spaghettiCode:
Ed Holloway-George π¬π§
Sometimes tootin', sometimes computin'
Lead Android Dev @ ASOS and GDE
Pronouns
he/him
Twitter
@Sp4ghettiCode
Interests
Android, Mobile Security & more
Wrote a quick blog post about the newest AndroidX library 'androidx.text:text-vertical' πβ¨
Learn about the cool functionality this provides and why this is important, particularly if you read Japanese newspapers π―π΅π°
Read more:
https://www.spght.dev/articles/13-09-2025/androidx-text
Just released v1.1.0 of my fork of 'encrypted-shared-preferences'
π¨ This version introduces a breaking change for API 21/22 users due to Tink's latest version bumping the minSdk to 23 π¨
Check out the release notes for more info
https://github.com/ed-george/encrypted-shared-preferences/releases/tag/1.1.0
I am really enjoying using Warp as my daily Terminal
I never thought AI and the terminal would mix, but it's definitely helped improve so much of my workflow π
Highly recommend giving it a try if you haven't already!
Looking forward to seeing many of my favourite developers and the wider Google community in Berlin next week!
Hope to see you there π
My talk from this year's Android Makers in Paris is now available
π£οΈ How to keep your app's secrets, secret π€«
- Learn about how to secure API keys
- Tools and methods to secure your repos
- A couple of recipes you can apply to get secret-free codebases
https://www.droidcon.com/2025/05/10/how-to-keep-your-apps-secrets-secret/
A reminder that if you *need* on-going Encrypted Shared Prefs support, I have my own fork that is being maintained with dependency updates and bug-fixes
I have just pushed v1.0.2 this afternoon π
https://github.com/ed-george/encrypted-shared-preferences/releases/tag/1.0.2
In case you missed it, Android apps including Facebook, Instagram, and several Yandex apps including Maps and Browser have been silently listen on fixed local ports for tracking purposes
Disclosure and findings can be found below:
https://localmess.github.io
AndroidX Security Crypto got an update yesterday!
Bad news, it's just a version bump to take it out of alpha (and nothing else)
Still totally deprecated π Sorry!
π¨π¬ Oh no, Postman is logging your secrets!
If you are using Postman, it seems like the time to find an alternative
Read more here:
https://anonymousdata.medium.com/postman-is-logging-all-your-secrets-and-environment-variables-9c316e92d424
Android 16 finally adds official support for enabling certificate transparency within your apps ππ
Wondering what that is and why is that good news?
Check out my latest blog post here:
https://www.spght.dev/articles/21-04-2025/crystal-clear-certs
The slides for my talk "How to keep your app's secrets, secret" are now available
π½οΈ https://speakerdeck.com/sp4ghetticode/redacted-how-to-keep-your-apps-secrets-secret-amxdc-25
Merci d'Γͺtre venus β¨ See you again soon βοΈ
So what's next? To find out what this all means, check out my blog post
https://www.spght.dev/articles/28-05-2024/jetsec-deprecation
Another day, another bad case of supply chain attack shenanigans π°
If you use GH Actions, please check your setup for any usage of "tj-actions/changed-files"
@cketti ah I see. That's a really important distinction I missed. Thanks for flagging that π TIL x 2
TIL comments are technically allowed within the domain or the username parts of email addresses!
For example, foo@(comment)bar.com and foo@bar.com(comment) are both equivalent to foo@bar.com
π€― Did you know this?
Source RFC 2822: https://datatracker.ietf.org/doc/html/rfc2822#appendix-A.5
Really pleased to have joined the talented team at Kraken as an Android Lead
Excited to get started and deliver green energy tech to the masses π
π London bound...
I'm 21 today! π (in hexadecimal)
Client Info
Server: https://mastodon.social
Version: 2025.07
Repository: https://github.com/cyevgeniy/lmst