I really like having this (idiot) discussion over and over again (especially with people who don't bother reading the FAQ) and obviously don't even understand what they are talking about): Yes, credentials.cfg is a security concern, but no, there is no possible fix for it.
Think about it: Google Play requires you to present credentials ("no shoes, no service!"). That means, Raccoon must be able to present them. Encrypting the file provides no additional security as Raccoon would need to be able to decrypt it. A hypothetical malware that it able to grab credentials.cfg will also be able to copy keystore.dat right next to it.
The whole idea behind encryption is the ability to keep the key secret from any potential attacker. If you cannot do this, you might as well not bother at all.
Should you find that your computer is running malware of any kind (or has otherwise been broken into), you should always consider it to be completely compromised. That means you should reinstall the entire operation system from scratch, using an external installation medium (not your recovery partition) and change every password you have stored on it. Including those under control of a Password manager (since you never know if that malware had a keylogger component).
Your goal is to keep your computer malware free, not putting pseudo obstacles everywhere and hope that they work as unexpected problems. If you don't take the threat serious enough to prevent malicious code from running in the first place, then randomly encrypting files won't save you either.
I can provide you 2 options as helping hand:
2. Encrypting java code
I have written several java apps where credentials are read from properties file, Keystore JKS yes. Keystore jks is encrypted by the way right?
The java app can decrypt and send it as plain text to google servers if need be.
We shall not provide very easy way to hack, that is the point. If it can be read from notepad there is no need for intelligent malware to read it.
I respect your view but its unethical to call it IDIOTIC. Please edit your post to remove offensive words else this thread will be reported.
If you cannot fix please let users know it will be "as is" and do not say discussion is idiotic. Users are not fools.
Sent from my XT1033 using XDA Free mobile app