Security concern on saving secret in app

[jjteoh-pingspace]

Hi I am new to mobile development, sorry if I asked a dumb question.

Isn't that saving consumer secret in the app is a bad practice and potentially lead to security breach?

[samarthagarwal]

Yeah, it is not completely safe but the other way would be to implement a backend middleware server that will talk to the WooCommerce backend on the behalf of your app.

[quydau35]

Hi I am new to mobile development, sorry if I asked a dumb question.

Isn't that saving consumer secret in the app is a bad practice and potentially lead to security breach?

My solution for encapsulate all secrets & exposable constants is to use a pre-load api to get those field from a private firebase server, or get them from a server to the device and initiate the app with those constants before calling any other API.