I want to implement an application integrated with PayPal, which suggests I use Server-Side integration, in which I use a client_id and client_secret. I was thinking about embedding them in the application (since React Native runs on top of Node.js), but my security-conscious heart cries about the idea. So:
Why should I avoid storing and using the client_id and client_secret embedded inside the APK? My first intuition is about decompiling the APK and acting on behalf of the account that has those secrets, but how many things can go wrong in that scheme?
via chubakueno