Hiding key from hackers

I will soon be publishing an app on the App Store and Play Store. How do I hide the Realm key from hackers? Once they have the Realm key they can basically query all the data. I need to hide it on both Android and iOS.

What do you mean by “Realm key”? How do you see people getting access to it?

App ID, reverse engineering the app

In itself, the App ID isn’t really a secret that needs to be protected.

If someone created a rogue app that used the same App ID then they would still need to authenticate with the backend Realm app. Even after the user has authenticated, the backend Realm app still controls how the user can access resources.

We have a user registration facility in the app. Suppose a hacker gets the App ID and signs up as a new user. From then on he starts querying the Realm DB for other users' data:
// Look up a user by username in the opened realm
User userModel = realm.where(User.class).equalTo("username", username).findFirst();
if (userModel != null && userModel.isValid()) {
    completionUser.onSuccess(userModel);
} else {
    completionUser.onFail("User does not found");
}

I may be wrong, maybe I'm being paranoid about it.

You should have Realm Sync rules that control which partitions each user is allowed to sync. For example, for some apps you might use the user ID as the partition key and only let users sync their own partition. The key is that your rules are controlled in the backend app, which only you have control over.
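The reply above, worked through as an added example that is not part of the original thread and is not Realm SDK or backend rule syntax: a small in-memory model showing that a self-registered user who knows the App ID still receives only their own partition, so a client-side username query cannot match other users. All names (`backendDocs`, `canSync`, `openSyncedRealm`, `findFirstByUsername`, the `user-<id>` partition scheme) are hypothetical and the data is constructed.

```javascript
// Constructed model of backend-enforced partition rules. Not the Realm SDK and
// not the backend's rule syntax; every name and record below is hypothetical.
const backendDocs = [
  { _partition: "user-alice", username: "alice", email: "alice@example.test" },
  { _partition: "user-bob", username: "bob", email: "bob@example.test" },
];

// Rule held in the backend app: a user may sync only the partition named after
// their own ID. The client cannot change this, whatever App ID it ships with.
function canSync(authenticatedUserId, partition) {
  return typeof authenticatedUserId === "string" &&
    partition === `user-${authenticatedUserId}`;
}

// Server side of opening a synced realm: the rule runs before any data leaves.
function openSyncedRealm(authenticatedUserId, partition) {
  if (!canSync(authenticatedUserId, partition)) {
    throw new Error(`sync denied for partition ${partition}`);
  }
  // Only documents in the permitted partition reach the device.
  return backendDocs.filter((doc) => doc._partition === partition);
}

// Client side: the equivalent of realm.where(User.class).equalTo("username", ...)
// runs over the local copy, so it can only match what sync delivered.
function findFirstByUsername(localRealm, username) {
  return localRealm.find((doc) => doc.username === username) || null;
}

// A self-registered user "bob" who knows the App ID.
function demo() {
  const bobRealm = openSyncedRealm("bob", "user-bob");
  const own = findFirstByUsername(bobRealm, "bob");
  const other = findFirstByUsername(bobRealm, "alice"); // never synced to bob
  let denied = false;
  try {
    openSyncedRealm("bob", "user-alice"); // asking for someone else's partition
  } catch (err) {
    denied = true;
  }
  return { own: own.username, other, denied };
}

console.log(demo());
```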


@spam_mail: As @Andrew_Morgan mentioned earlier, there are various ways of protecting the Realm App and its content, but if you still want to get rid of the key then you can inject the key while creating the artifact from CI.