Android项目中http数据传输加密问题方案以及NDK编译加密算法

项目中app和后台服务交互基本是用http请求方式，在调取接口的信息传递基本是明文，这样的数据很容易被抓包看到数据，恶意的用户可能通过抓到的数据修改不可用数据，调取接口，这样是项目不允许的。
参考之前银行的项目，在交易的过程，会涉及到很多隐私的信息，这里处理方案是在传递过程中，加了一个锁标示，这个锁标示是由当前传递参数+系统时间+用户唯一标示加密生成，后台接受到参数，然后按照同样的加密方式得到的值与传递过来的参数进行比较，相同则认为这个请求正常。

方法：

1.在代理请求的类中处理加密的逻辑，用到的基本的MD5对数据加密，后台用同样的方式加密

2.登录加密用的是对称加密方式，主要是密码需要加密所以没用MD5

整个项目提交到测试中心，发现代码里面会存在很多硬编码，APP破译可能对整个项目带来不安全隐患，于是想到一个可接受的方案，利用NDK编码将加密文件用C++代替编译成SO库使用
PS:虽然SO库也可以被别人反编译，但是相对java代价可能更高点，于是这边的用户接受了这种方式
具体代码如下：
Android.mk

LOCAL_PATH := $(call my-dir)

include $(CLEAR_VARS)

LOCAL_MODULE    := nxyd_parameter
LOCAL_SRC_FILES := main.cpp md5.cpp
LOCAL_LDLIBS += -llog -ldl

include $(BUILD_SHARED_LIBRARY)

Application.mk

APP_ABI := all
APP_STL := gnustl_static

main.cpp

#include <jni.h>
#include <stdio.h>
#include <string.h>
#include "md5.h"


extern "C" {
    JNIEXPORT jstring JNICALL Java_com_example_hellojni_HelloJni_encryptByMD5(JNIEnv* env, jobject obj, jstring strText);
};



JNIEXPORT jstring JNICALL Java_com_example_hellojni_HelloJni_encryptByMD5(JNIEnv *env, jobject obj, jstring strText)
{
    const char * path = env->GetStringUTFChars(strText, NULL);
    std::string str = path;
    MD5 md5(str);
    std::string  result = md5.md5();
    char* p = const_cast<char*>(result.c_str());
    return env->NewStringUTF(p);
}

md5.cpp

/* MD5
 converted to C++ class by Frank Thilo (thilo@unix-ag.org)
 for bzflag (http://www.bzflag.org)

   based on:

   md5.h and md5.c
   reference implemantion of RFC 1321

   Copyright (C) 1991-2, RSA Data Security, Inc. Created 1991. All
rights reserved.

License to copy and use this software is granted provided that it
is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software
or this function.

License is also granted to make and use derivative works provided
that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material
mentioning or referencing the derived work.

RSA Data Security, Inc. makes no representations concerning either
the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is"
without express or implied warranty of any kind.

These notices must be retained in any copies of any part of this
documentation and/or software.

*/

/* interface header */
#include "md5.h"

/* system implementation headers */
#include <stdio.h>
#include <string.h>


// Constants for MD5Transform routine.
#define S11 7
#define S12 12
#define S13 17
#define S14 22
#define S21 5
#define S22 9
#define S23 14
#define S24 20
#define S31 4
#define S32 11
#define S33 16
#define S34 23
#define S41 6
#define S42 10
#define S43 15
#define S44 21

///////////////////////////////////////////////
// F, G, H and I are basic MD5 functions.
inline MD5::uint4 MD5::F(uint4 x, uint4 y, uint4 z) {
  return (x & y) | ((~x) & z);
}

inline MD5::uint4 MD5::G(uint4 x, uint4 y, uint4 z) {
  return (x&z) | (y&~z);
}

inline MD5::uint4 MD5::H(uint4 x, uint4 y, uint4 z) {
  return x^y^z;
}

inline MD5::uint4 MD5::I(uint4 x, uint4 y, uint4 z) {
  return y ^ (x | ~z);
}

// rotate_left rotates x left n bits.
inline MD5::uint4 MD5::rotate_left(uint4 x, int n) {
  return (x << n) | (x >> (32-n));
}

// FF, GG, HH, and II transformations for rounds 1, 2, 3, and 4.
// Rotation is separate from addition to prevent recomputation.
inline void MD5::FF(uint4 &a, uint4 b, uint4 c, uint4 d, uint4 x, uint4 s, uint4 ac) {
  a = rotate_left(a+ F(b,c,d) + x + ac, s) + b;
}

inline void MD5::GG(uint4 &a, uint4 b, uint4 c, uint4 d, uint4 x, uint4 s, uint4 ac) {
  a = rotate_left(a + G(b,c,d) + x + ac, s) + b;
}

inline void MD5::HH(uint4 &a, uint4 b, uint4 c, uint4 d, uint4 x, uint4 s, uint4 ac) {
  a = rotate_left(a + H(b,c,d) + x + ac, s) + b;
}

inline void MD5::II(uint4 &a, uint4 b, uint4 c, uint4 d, uint4 x, uint4 s, uint4 ac) {
  a = rotate_left(a + I(b,c,d) + x + ac, s) + b;
}

/////////////////////