Ask HN: Client Secret at Android
Hello Fellow Hackers,
For OAuth token from server for Mobile app, we need to pass Client Secret from Android (and iOS) app which can be compromised easily. I was wondering if you can share best practises to keep Client ID and Client Secret from getting exposed during reverse engg or decompilation. Cheers, Raj
1 comment
[ 1.9 ms ] story [ 5.2 ms ] thread(it's still going to be visible in captured traffic after stripping tls)