Apps that integrate with various web services and APIs, such as Twitter, need to use service provisioned API keys and shared secrets which are Java Strings.
Such Strings should be retrievable by anyone who decompiles an .apk (I must try this myself against my own apk) In the next step the malicious developer will be able to impersonate the decompiled app... Am I missing something, or do we have a problem? -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
