I am new to Parse SDK. Is it safe to use Application ID and Client Key within the app? as reverse engineering the APK file might reveal the keys.
Is there any other workaround to pull them in the Parse.initialize() function.
Asked
Active
Viewed 251 times
1
Badhrinath Canessane
- 3,408
- 2
- 24
- 38
2 Answers
0
Like everything else contained in your APK it is only safe if you obfuscate your code. Make sure that you are using ProGaurd when you build your application and have configured it for gradle if you use Android Studio.
If you use ProGuard to obfuscate your code then you wont have to worry about people being able to unpack your APK and retrieve your Parse credentials.
If you want to test that your ProGaurd configuration is correct you can try and unpack your own APK to make sure everything is obfuscated and hidden as expected. This question will show you the process.
Community
- 1
- 1
Andrea Thacker
- 3,440
- 1
- 25
- 37
0
This is something that I have always asked myself. In addition to this you could also use a random keygen to connect to random parse database if you were trying to hack data. I tried to find the SO.com post about this but was unable to do so, regardless, I saw someone post that they had their key strings stored in AWS so that they werent in the APK package. In my opinion you shouldn't have to do this but whatever... Parse is pretty sweet when you cut back on development time and their online data portal is nice as well.
dave
- 575
- 4
- 19