Have been trying xAuth to authenticate a user in an iphone/android app
made with Phonegap/HTML/JS. The connection works well but i cant see a
good way to secure the Consumer key and Secret in the app.

Apps can obviously be decompiled and these parameters can be
discovered but Twitter allows this method of security.

A proxy script seems pointless as a hacker can simulate the app making
a request

Seems the worst that can happen is that a hacker can copy the strings
to use xAuth on their own app

Is it worth making any effort to encrypt these strings?


Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 

Reply via email to