I’m curious if it’s safe to include credentials and/or API secret keys in applications. In particular, I’m using my Thunkable app to control some IoT devices and the associated cloud service requires an API secret key. I’ve hard-coded it into my app, as I don’t want the users to be aware of it. However, I’m wondering if this creates a vulnerability wherein hackers can dismantle my app and get the key.
Thoughts? If the above practice is ill-advised, please offer a suggestion on how to address the need for the secret key.
@Taifun, thanks for the suggestion. I’m using iOS and it appears that block is not yet available. Until it’s available, is it risky to include sensitive data in an app or does the obfuscate just make it a lot harder to “see”?
[update] actually, I can’t find obfuscate anywhere in the documentation, even for Android