.netwindows-phone-7api-keyapp-id

Method for calling App ID, API Key, Client Key, etc.?


-->This question is geared to mobile applications for Windows Phone 7 (Although I'm sure the solution could be used on any .net application<--

Hello what are some ways of calling Application IDs, API keys, Client keys, etc inside of an application. I've been told before more than once that its not recommended to store these types of keys directly inside of an application but to "call" them. The reason for is that the app could be downloaded and decompiled therefore leading to your Keys being stolen.

Does anyone know secure ways of calling keys without storing them directly in the app? Or maybe encrypting the keys when they're stored on the device? Or are there other methods that exist?

Your recommendations or suggestions are appreciated.


Solution

  • The official solution that Microsoft recommends in protecting your code is to use Dotfuscator. They have a partnership with PreEmptive solutions so that all WP7 developers will get a free license. The website to download the software is here: http://www.preemptive.com/windowsphone7.html. It's definitely not a full-proof way of protecting your information but it makes it a lot harder for anyone to decompile your code and steal your secrets.