You’ve definitely used both terms, but many devs blur the line. Let’s make it crystal clear.


🔐 Encryption

  • Purpose: To securely transmit or store data so it can be later decrypted.

  • Reversible? ✅ Yes — if you have the key.

  • Use cases:

    • Sending data over HTTPS

    • Encrypting local database/files

    • End-to-end encrypted messages (e.g., Signal)

Example: AES, RSA, ECC

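// Symmetric encryption idea (AES-GCM; a bare "AES" transformation typically defaults to ECB mode)
import javax.crypto.Cipher
import javax.crypto.KeyGenerator

val secretKey = KeyGenerator.getInstance("AES").apply { init(256) }.generateKey()
val cipher = Cipher.getInstance("AES/GCM/NoPadding")
cipher.init(Cipher.ENCRYPT_MODE, secretKey) // the provider generates a random IV
val iv = cipher.iv // keep it with the ciphertext; decryption needs it
val encrypted = cipher.doFinal("SensitiveData".toByteArray())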
 

🧠 Hashing

  • Purpose: To verify integrity or store something in a non-reversible way.

  • Reversible? ❌ No — one-way function.

  • Use cases:

    • Password storage (store only the hash!)

    • Data integrity checks (e.g., file SHA256)

    • Hash maps (for fast lookup)

Example: SHA-256, MD5 (bad!), bcrypt, scrypt, Argon2

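// Hashing idea
// A single fast SHA-256 suits integrity checks; stored passwords also need salt and key stretching.
import java.security.MessageDigest

val md = MessageDigest.getInstance("SHA-256")
val hash = md.digest("MySecretPassword".toByteArray())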
 

🔒 Why It Matters for Android Devs

  • Never store passwords using encryption — use hashing with salt and key stretching (like bcrypt).

  • If your app uses JWT, remember: the signature is a keyed hash (HMAC) or an RSA signature, not encryption, so it does not hide the token's contents.

  • Misusing encryption or hashing leads to severe security holes, even if you’re “using crypto.”
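
The first bullet above (salted hashing with key stretching) as an added example, not code from the original post. It uses PBKDF2-HMAC-SHA256 from the platform crypto API in place of bcrypt, which needs a third-party library. The iteration count, record format and function names are assumptions, and the code assumes a JVM or Android API 26+.

```kotlin
import java.security.MessageDigest
import java.security.SecureRandom
import java.util.Base64
import javax.crypto.SecretKeyFactory
import javax.crypto.spec.PBEKeySpec

// Assumed parameters for this example; tune the iteration count for your target devices.
private const val ALGORITHM = "PBKDF2WithHmacSHA256"
private const val ITERATIONS = 600_000
private const val SALT_BYTES = 16
private const val HASH_BITS = 256

private fun pbkdf2(password: CharArray, salt: ByteArray, iterations: Int): ByteArray {
    val spec = PBEKeySpec(password, salt, iterations, HASH_BITS)
    try {
        return SecretKeyFactory.getInstance(ALGORITHM).generateSecret(spec).encoded
    } finally {
        spec.clearPassword() // wipe the copy of the password held by the spec
    }
}

// Returns "iterations:salt:hash" so each record carries what is needed to verify it.
fun hashPassword(password: CharArray): String {
    val salt = ByteArray(SALT_BYTES).also { SecureRandom().nextBytes(it) }
    val hash = pbkdf2(password, salt, ITERATIONS)
    val b64 = Base64.getEncoder()
    return "$ITERATIONS:${b64.encodeToString(salt)}:${b64.encodeToString(hash)}"
}

fun verifyPassword(password: CharArray, stored: String): Boolean {
    val parts = stored.split(":").takeIf { it.size == 3 } ?: return false
    val iterations = parts[0].toIntOrNull() ?: return false
    val (salt, expected) = try {
        val d = Base64.getDecoder()
        d.decode(parts[1]) to d.decode(parts[2])
    } catch (e: IllegalArgumentException) {
        return false // malformed record
    }
    if (iterations <= 0 || salt.isEmpty()) return false // PBEKeySpec rejects both
    // Constant-time comparison avoids leaking how many leading bytes matched.
    return MessageDigest.isEqual(pbkdf2(password, salt, iterations), expected)
}

fun main() {
    val stored = hashPassword("MySecretPassword".toCharArray())
    println(stored != hashPassword("MySecretPassword".toCharArray())) // fresh salt per record
    println(verifyPassword("MySecretPassword".toCharArray(), stored))
    println(verifyPassword("WrongPassword".toCharArray(), stored))
}
```

Nothing here can be decrypted back to the password: verification recomputes the hash from the candidate password and the stored salt, then compares.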