Reputation: 887
Securing sensitive information in PhoneGap?
I have a number of REST API Keys (Google Places, etc) that I want to secure. Reading Google Groups and SO it seems obfuscation isn't a solution, neither is using the Keychain, so how do you suggest encrypting/securing sensitive information when the IPA package can just be unpacked and read? (I don't want to rewrite the application in Objective-C).
Upvotes: 4
Views: 1003
Answers (1)
Reputation: 262534
If you have the option of hosting a web service yourself, you can have the device talk to your own server instead of Google's. It would act as a proxy: The device authenticates to your service using a scheme of your choosing and never gets to see the API key, which rests securely on your servers. The process is very similar to how it would work on a web site (where also the browser does not talk to the backend service provider directly, but the web server does it on its behalf).
Upvotes: 3
Related Questions
- Security considerations when creating a mobile app using PhoneGap
- Phonegap - How to encrypt data transfer between server and device
- Security Concern in Cordova/Phonegapp Application
- Protecting third party API keys/secrets in PhoneGap
- Phonegap mobile banking app security
- Phonegap Android App- Secure data traffic
- how secure is my code in phonegap
- Data encryption on PhoneGap applications?
- Is there a way to make phonegap apps more secure?
- How to protect data in HTML5+PhoneGap mobile app?