Created To Keep Your Fixed App Secrets Safe
Often, your app will have fixed secrets, such as certificates or keys (e.g. API or AWS keys), that it needs to operate securely, but that you'd rather not have easily extracted from your app.
Hardcoding app secrets directly into the source code, and potentially relying on obfuscation for security, is a common strategy for many app developers.
This is, however, not enough to properly protect your secrets: hackers can easily retrieve them by reverse engineering the app.
Did You Know?
According to Gartner, hardcoding API keys or other credentials in web and mobile applications is one of the four most common API vulnerability paths, and the method makes such secrets subject to decompiling attacks.
Gartner. “API Security: What You Need to Do to Protect Your APIs.” Mark O’Neill, Dionisio Zumerle, Jeremy D’Hoinne. 27 August 2019.