How safe is it to have a Twitter consumer key and a secret hard code in an Android app?

Question

How safe is it to have a Twitter consumer key and a secret hard code in an Android app?

I look at this code example:

authConfig = new TwitterAuthConfig(BuildConfig.CONSUMER_KEY, BuildConfig.CONSUMER_SECRET);

what prevents someone from decompiling .apk and starting to use my consumer key and secret?

+4

android twitter fabric-twitter

Igor Orlanov Jan 20 '15 at 10:32

source share

2 answers

Mike Curry · Answer 1 · 2015-01-20T23:05:38+0000

If this is your key, and the application is intended for others, then they will be available in the application if they were configured with reverse processing. Even if you encrypted them in the application and decrypted during use, you will need to include a decryption key in your application, and therefore a certain attacker can also deploy and decrypt.

, .

, CONSUMER_KEY CONSUMER_SECRET . , , , .

"-" -. - - Twitter -, .

, , , - Twitter. - -. - - , - REST API Twitter, . - -. - - - - , - .

: http://wickedlysmart.com/twitternews-oauth/ https://dev.twitter.com/oauth/application-only http://hayageek.com/login-with-twitter/

Kyeong Wook Ma · Answer 2 · 2015-01-20T22:49:55+0000

, . , project.properties, :

proguard.config=${sdk.dir}/tools/proguard/proguard-android.txt

http://developer.android.com/tools/help/proguard.html

How safe is it to have a Twitter consumer key and a secret hard code in an Android app?

More articles: