A long time ago I learned that this is a bad idea. Please don’t try what I’m asking below.
I want to include a secret key in an iOS app so that the app can "prove" to a certain server that a request is coming from the app itself and not some other system. I know that simply hardcoding a secret key into the code itself is very vulnerable, as anyone can jailbreak their phone and attach GDB to my app’s process to get the key. Are there any more secure ways of doing this? Is it possible to sufficiently obfuscate the key as to make this near impossible?
I believe that this is a similar problem to serial number validation. Unfortunately, that seems to get cracked regularly and easily. Are there any solutions to this?
All communication with my server will be done with HTTPS, so at least sniffing/man-in-the-middle attacks shouldn’t be a concern.
Thanks, M
I’m afraid it’s not possible to do that. But as far as I know, Apple will make sure no other app is spoofing your app’s secret. If it’s a jailbroken phone, then the user is in a way taking full responsibility, and possible damage should be limited only to the jailbroken phone user’s data.
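Added example, not part of the original posts: a server-side view of the scheme the question describes, assuming the app signs each request with HMAC-SHA256 using the embedded key. The key, endpoint path and clock value are constructed, and `sign`, `verify` and `demo` are hypothetical names. It shows what the server's check actually establishes: possession of the key bytes, not the identity of the program that sent the request.

```python
import hashlib
import hmac

SHARED_KEY = b"constructed-demo-key"   # constructed value; stands in for the key shipped in the app
MAX_SKEW = 300                          # seconds a signed request stays valid (assumed policy)


def sign(key: bytes, method: str, path: str, ts: int, body: bytes) -> str:
    """Client side: HMAC-SHA256 over a canonical form of the request."""
    msg = b"\n".join([method.encode(), path.encode(), str(ts).encode(),
                      hashlib.sha256(body).hexdigest().encode()])
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def verify(method: str, path: str, ts: int, body: bytes, tag: str, now: int) -> bool:
    """Server side: reject stale requests, then compare tags in constant time."""
    if abs(now - ts) > MAX_SKEW:
        return False
    expected = sign(SHARED_KEY, method, path, ts, body)
    return hmac.compare_digest(expected, tag)


def demo() -> dict:
    now = 1_700_000_000                 # constructed clock value
    path, body = "/api/score", b'{"score": 10}'
    other_body = b'{"score": 999999}'
    old = now - 3600
    app_tag = sign(SHARED_KEY, "POST", path, now, body)
    return {
        # Request signed by the genuine app.
        "genuine_app": verify("POST", path, now, body, app_tag, now),
        # Any other program holding the same key bytes is indistinguishable.
        "other_holder_of_key": verify(
            "POST", path, now, other_body,
            sign(SHARED_KEY, "POST", path, now, other_body), now),
        # What the MAC does give the server: integrity and a freshness window.
        "tampered_body": verify("POST", path, now, other_body, app_tag, now),
        "stale_request": verify(
            "POST", path, old, body, sign(SHARED_KEY, "POST", path, old, body), now),
        "wrong_key": verify(
            "POST", path, now, body, sign(b"guess", "POST", path, now, body), now),
    }


if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:22s} accepted={accepted}")
```

Obfuscating the key changes how it is stored in the binary, not what `verify` checks, so the server should still validate every request's contents on their own merits.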