How to protect the key and secret key from decompilation ?

Question

Hello, i just want to know if someone decompile the unity project with some malicious tools, he can easily get the API Key and Secret Key and acces to the users and all the function. How to solve this problem please ?

Answer 1

Hi Waloucg,

In order to secure your method functionality and keys, you can create a custom key and use method authorization functionality to secure your application data. Please have a look at this link to understand in details and feel free to let us know if you need any help from our side. 

Regards,

Himanshu Sharma

Answer 2

I up the question because i don't really understand the protection method, of course i can assign a custom key for each method i need (create user, auth..) but its the same problem, people can decompile and have acces to each custom key.
And the READ/WRITE can be change but he need the api key so its not secured too. We can't secure our app versus decompiling ?

Comments

Hi,

Yes, you are right after decompiling the app, users can access your custom keys. But the idea of giving the custom keys is that you can secure it by giving the fetch access to the keys which you are using inside the app. And where you believe the update functionality required for the user data, you can use method authorization by setting the session id/facebook access token of the user which will add one more security to the application.

Moreover, you can also use custom code along with method authorization to secure your data. How? The logic of updating user data, changing read/write access will be on the server and you can authenticate user below updating the data. More important, nobody can decompile your code from there. Please have a look at this link(http://api.shephertz.com/tutorial/Server-Side-Custom-Code/?index=customcode-wrd) for more details and feel free to let us know if you need any help from our side.

Regards,
Himanshu Sharma

---

Do you think I could do a custom code on server that would create a data file containing the name of the players at registration, and then make sure that this session can only modify data containing its name? Although its must be a server-side method, otherwise its has no interest.
I would really like to learn how to secure my application with App42 to start programming my project, and the support looks active and listens to users so I think we can get there

---

Hi Waloucg,

Apologies to miss out your comment and replying late. Yes, you can write custom code to do your customization related to user data. Let me know if you have any specific question related to security. I will be happy to address your concern.

Regards,
Himanshu Sharma