search

adaptyteam / AdaptySDK-iOS

iOS SDK for growing mobile in-app purchases
https://docs.adapty.io/docs/quickstart
MIT License
368 stars 38 forks source link

Store API Keys in Keychain instead of UserDefaults #33

Closed Kondamon closed 2 years ago

Kondamon commented 2 years ago

Your current implementation stores API keys in UserDefauls what is very unsafe since users can read out this keys very simple what is a huge security whole! Use keychain instead, it's very simple to implement:

// Save the user password into keychain
let keychain = Keychain(service: "com.yourcompany.yourappbundlename")
keychain["user_password"] = "correcthorsebatterystaple"

// Load the user password
let keychain = Keychain(service: "com.yourcompany.yourappbundlename")
let user_password = keychain["user_password"]
AKyashkin commented 2 years ago

Hey, We'll put your feature request in a pipeline, but with a low priority, since there are lots of much simpler ways to read the key – e.x.: by using a primitive traffic sniffer.