How react-native-config make my life easier to steal secret keys of your React Native Application

#reactnative #security #hack

1) First, you need to find out an applicationId of app. It easy to use a Google Play website, just search and copy id in the browser

2) The next step will be downloading a .apk file (for example using an apk-downloader website)

3) Finally, open that .apk in Android Studio (Build => Analyze APK...) then need to find resources.arsc and select string in the resource types panel

You should see something like that:

Keep in mind this module doesn't obfuscate or encrypt secrets for packaging, so do not store sensitive keys in .env. It's basically impossible to prevent users from reverse engineering mobile app secrets, so design your app (and APIs) with that in mind.

Top comments (0)

Promises in JavaScript and React Native: Creation, Usage, and Common Scenarios

Ajmal Hasan - Nov 9

Handling Component-Specific Loading and Data State with Redux for API Calls in React Native

Ajmal Hasan - Nov 9

KeyRunner: Not Just Another API Client-Your Secure Choice for API interactions in VSCode & Desktop!

Krishna - Oct 15

Understanding the Basics of ELF Files on Linux

Sandipan Roy - Oct 14

DEV Community