DEV Community

Cover image for How react-native-config make my life easier to steal secret keys of your React Native Application
Davyd NRB
Davyd NRB

Posted on • Updated on

How react-native-config make my life easier to steal secret keys of your React Native Application

#reactnative #security #hack

1) First, you need to find out an applicationId of app. It easy to use a Google Play website, just search and copy id in the browser

image

2) The next step will be downloading a .apk file (for example using an apk-downloader website)

3) Finally, open that .apk in Android Studio (Build => Analyze APK...) then need to find resources.arsc and select string in the resource types panel

You should see something like that:

image

Keep in mind this module doesn't obfuscate or encrypt secrets for packaging, so do not store sensitive keys in .env. It's basically impossible to prevent users from reverse engineering mobile app secrets, so design your app (and APIs) with that in mind.

Top comments (0)

Read next

balagmadhu profile image

Banana encryption: Decoding Caesar Cipher with Power Automate

Bala Madhusoodhanan -

nikl profile image

What is toast notification? Implement react native toast message

Nik L. -

usamaa profile image

Should Sensitive Systems Be Open Source ?

Osama B.Sassi -

antonov_mike profile image

Odoo security concept

Antonov Mike -