I'm writing an iPhone app that integrates with third-party APIs. These APIs use OAuth (key/secret specific to my app, not per user) in order to authenticate which app the request is being made on behalf of.

Is it secure (or how secure is it) to simply put the key/secret in code? Can this sort of data be reverse-engineered? Is there a better way to go about including this data in a project?

A: 

I'd suggest looking into the Keychain services provided by Apple:

http://developer.apple.com/library/ios/#documentation/Security/Conceptual/keychainServConcepts/01introduction/introduction.html

Flash84x
This is not a place to hide secrets.
Rook
Completely read over "not per user", yes. Disregard.
Flash84x
Yes, I'm using keychain for other user-specific sensitive data but these are keys specific to the app not the user.
freshfunk
+2  A: 

There is no place on the iPhone to hide data. A user with a jailbroken iPhone has more control over the device than any developer. If possible, you should set up a web service such as a REST or SOAP service to take care of these OAuth transactions on behalf of the client.

Rook
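
The web-service approach from the answer above, as an added example that is not part of the original thread: the backend validates what the app asks for and signs the upstream call itself, so the consumer secret never ships in the app binary. Assumptions not taken from the page: OAuth 1.0a HMAC-SHA1 signing (RFC 5849), the host `api.example.com`, the environment variable names, and the function names.

```python
import base64, hashlib, hmac, os, secrets, time
from urllib.parse import quote, urlencode, urlsplit
from urllib.request import Request

ALLOWED_HOST = "api.example.com"   # assumption: hypothetical third-party API host
ALLOWED_METHODS = {"GET", "POST"}

def _enc(value):
    # RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def oauth_header(method, url, params, key, secret, nonce=None, timestamp=None):
    """Build an OAuth 1.0a HMAC-SHA1 Authorization header (app-only, no user token)."""
    oauth = {
        "oauth_consumer_key": key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    # Signature base string: METHOD & encoded URL & encoded sorted parameters.
    pairs = sorted((_enc(k), _enc(v)) for k, v in {**params, **oauth}.items())
    base = "&".join([method.upper(), _enc(url),
                     _enc("&".join(f"{k}={v}" for k, v in pairs))])
    # Signing key is "<consumer secret>&<token secret>"; the token secret is empty here.
    mac = hmac.new(f"{_enc(secret)}&".encode(), base.encode(), hashlib.sha1)
    oauth["oauth_signature"] = base64.b64encode(mac.digest()).decode()
    return "OAuth " + ", ".join(f'{k}="{_enc(v)}"' for k, v in sorted(oauth.items()))

def build_upstream_request(method, url, params, env=os.environ):
    """Server side: validate what the app asked for, then sign it with the
    secret held in the server's environment. The app never sees the secret."""
    method, parts = method.upper(), urlsplit(url)
    # Refuse to act as a signing oracle for other hosts, schemes or ports.
    if parts.scheme != "https" or parts.netloc != ALLOWED_HOST:
        raise ValueError("upstream host not allowed")
    if method not in ALLOWED_METHODS or parts.query or parts.fragment:
        raise ValueError("request shape not allowed")
    if any(k.startswith("oauth_") for k in params):
        raise ValueError("client may not supply oauth_* parameters")
    auth = oauth_header(method, url, params,
                        env["OAUTH_CONSUMER_KEY"], env["OAUTH_CONSUMER_SECRET"])
    body = urlencode(params, quote_via=quote)
    if method == "GET":
        req = Request(f"{url}?{body}" if body else url, method="GET")
    else:
        req = Request(url, data=body.encode(), method="POST")
    req.add_header("Authorization", auth)
    return req   # the backend would pass this to urllib.request.urlopen()
```

The app authenticates to this backend with its own per-user session, and only the response body is relayed back to it.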