DEV Community

Cover image for How react-native-config make my life easier to steal secret keys of your React Native Application
Davyd NRB
Davyd NRB

Posted on • Updated on

How react-native-config make my life easier to steal secret keys of your React Native Application

#reactnative #security #hack

1) First, you need to find out an applicationId of app. It easy to use a Google Play website, just search and copy id in the browser

image

2) The next step will be downloading a .apk file (for example using an apk-downloader website)

3) Finally, open that .apk in Android Studio (Build => Analyze APK...) then need to find resources.arsc and select string in the resource types panel

You should see something like that:

image

Keep in mind this module doesn't obfuscate or encrypt secrets for packaging, so do not store sensitive keys in .env. It's basically impossible to prevent users from reverse engineering mobile app secrets, so design your app (and APIs) with that in mind.

Top comments (0)

Read next

binaries001 profile image

BUILDING A CYBERSECURITY DETECTION AND MONITORING LAB BY LEVERAGING LOCAL VIRTUAL MACHINES (VMs) AND MICROSOFT AZURE

Adeniran Abdullahi -

tmayank860 profile image

Implementing Long Press Functionality Using React Native Gesture Handler in React Native Application

MAYANK TYAGI -

rrs301 profile image

React Native Full Stack AI Image Editing App | 10000$ App Idea

Tubeguruji -

mateoguzmana profile image

LZ4 – C++ React Native bindings for an extremely fast compression algorithm

Mateo Guzmán -