How safe are the keys/values? Can someone extract them? #509

renatop7 · 2024-08-09T13:25:25Z

renatop7
Aug 9, 2024

My question is more related to android I guess...
Can someone reverse engineer the .apk and extract my .env variables values?

Answered by nik27

Aug 28, 2024

Yes. You should store API keys and other sensitive info on your backend and fetch it after user is authenticated.

In the readme of react-native-config it's explicitly mentioned:

Keep in mind this module doesn't obfuscate or encrypt secrets for packaging, so do not store sensitive keys in .env. It's basically impossible to prevent users from reverse engineering mobile app secrets, so design your app (and APIs) with that in mind.

This is also mentioned in React Native docs.
This article might also be helpful.

View full answer

nik27 · 2024-08-28T16:55:06Z

nik27
Aug 28, 2024

Yes. You should store API keys and other sensitive info on your backend and fetch it after user is authenticated.

In the readme of react-native-config it's explicitly mentioned:

Keep in mind this module doesn't obfuscate or encrypt secrets for packaging, so do not store sensitive keys in .env. It's basically impossible to prevent users from reverse engineering mobile app secrets, so design your app (and APIs) with that in mind.

This is also mentioned in React Native docs.
This article might also be helpful.

1 reply

renatop7 Sep 5, 2024
Author

Thanks for the inputs :)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How safe are the keys/values? Can someone extract them? #509

{{title}}

Replies: 1 comment 1 reply

{{title}}

{{editor}}'s edit

{{editor}}'s edit

{{title}}

Select a reply

How safe are the keys/values? Can someone extract them? #509

renatop7 Aug 9, 2024

Replies: 1 comment · 1 reply

nik27 Aug 28, 2024

renatop7 Sep 5, 2024 Author

renatop7
Aug 9, 2024

Replies: 1 comment 1 reply

nik27
Aug 28, 2024

renatop7 Sep 5, 2024
Author