Is the API key stored in the iPhone application unsafe?

Question

Is the API key stored in the iPhone application unsafe?

I am creating an iPhone application that needs to be connected to a PHP based website. The iPhone application will retrieve and add entries. I assume that the connection between the website and the iPhone application should be controlled by the API key. The iPhone application provides it, and the website checks it.

I assume that I will have to store this API key in the iPhone application itself, right? So my question is; storing an API key in an iPhone app is risky? Could someone access my API key and impersonate an iPhone application, thereby gaining access to the website? or is it pretty hard to do? If I think about it wrong, tell me if there are better ways.

+3

api php iphone ios4

sami Dec 13 '10 at 7:37

source share

2 answers

Keychain Services , , Mac, , 100%, , (, iPhone , )

:

http://developer.apple.com/library/ios/#documentation/Security/Conceptual/keychainServConcepts/iPhoneTasks/iPhoneTasks.html

HTTPS, .

-1

shein 13 . '10 13:41

Costique · Accepted Answer · 2010-12-13T08:04:03+0000

If you need to keep it secret or not, you still have to encrypt and obfuscate, just to protect yourself from random hackers.

On the other hand, I do not believe that you can stop a particular hacker. The combination of jailbreak, gdb and traffic sniffer will hit almost any protection you can think of. Investing in such protection rarely makes sense, so you will need to find a trade-off between wasting time and effort and using your API key.

API , , App Store, . ptrace() PT_DENY_ATTACH ( ) gdb. , , . HTTPS , .

. HTTPS , API HTTP-, . , .

Is the API key stored in the iPhone application unsafe?

More articles: