0

I have an app I am building and inside of it are some strings that are sensative and I would hope no one would ever be able to get to easily by looking for strings in the binary etc.

For example this

let password:String = "SuperSecret123"

What is the proper way to hide this string inside of the project?

J.Doe
  • 1,502
  • 13
  • 47

1 Answers1

0

In most big companies, the way they handle this is not to keep the secret inside the code. Instead, you'll typically see one of three routes:

  1. Read the secret from an environment variable that must be set to run the software
  2. Read the secret from a configuration file
  3. Read the secret by talking to a local secret broker

All three of these can work pretty well.

Pat Gunn
  • 36
  • 2
  • 3
    Unfortunately none of these work very well in a mobile app where the secret has to be delivered from the application store along with the code. Essentially you have to put the secret on an trusted device that the user has access to so you cannot protect it. All you can do is make it harder to access – Paulw11 Jul 22 '18 at 21:26