tags:

views:

23

answers:

1
+1  Q: 

How do you secure your PayPalApplicationID on the iPhone for PayPal's iPhone SDK?

While using the Paypal iPhone SDK that integrates a mobile payment option on the iPhone, I am realizing that to use the SDK you hardcode your PayPalApplicationID into your application during the initialization of the SDK module.

Is there a way to securely store this PayPalApplicationID on the phone? I'm at a lost since keychain isn't really an option. Keychain is great for storing credentials from the user and prompting them for the credential. However, this PayPalApplicationID credential is actually merchant specific and will be constant for the app through it's lifespan. What is a better way than hardcoding the PayPalApplicationID into the actual initialization of the SDK?

https://www.x.com/community/ppx/xsapces/mobile/mep

A: 

There is no simple way to do this. You can obfuscate a web service key in your code but if people want to steal it then they will find it with a little bit of patience and the right tools.

What happens when someone steals your PayPalApplicationID? Can they do harm? Maybe ask PayPal what the risks are. Maybe nothing destructive can be done with it. Then I would not bother to hide it.

St3fan  2010-09-10 22:12:53
Thank you. After browsing the web a bit more, it seems an inherent vulnerability, packaging any secret with client software. It almost looks like OAuth is required to provide better protection. And better control of client software.
Shiun  2010-09-13 22:13:09

related questions

How do we get arround Apple's decission to skip sms templates for iPhone?
iPhone App Crashing - Error Question
Can I write native iPhone apps using Python
Does the Iphone 1/2 have a compass inside?
How do you beta test an iphone app?
Is it just the iPhone simulator that is restricted to intel only Mac's?
iPhone App Minus App Store?
Deleting messages from Exchange IMAP mailbox on iPhone
Is there a multiplatform framework for developing iPhone / Android applications?
How can I launch the Google Maps iPhone application from within my own native application?
Tips for a successful AppStore submission?
iPhone app that access the Core Location framework over web
Virtual Mac?
What's a good machine for iPhone development?
How can I develop for iPhone using a Windows development machine?
Recommended iPhone Development Resources
Best Wiki for Mobile Users
How to programmatically send SMS on the iPhone?
iPhone - Exchange Calendars in Public Folders
iPhone web applications, templates, frameworks?
Understanding reference counting with Cocoa / Objective C
How-to articles for iPhone development, Objective-C
What are the correct pixel dimensions for an apple-touch-icon?
How do I give my web sites an icon for iPhone?
iPhone app in landscape mode