by lawgimenez 1229 days ago
Last Covid, I did the same, reverse engineering our government's Covid app, and found out that the API keys (public and private) were hardcoded in the source code. Never got any response.

Edit: Emphasized public and private keys


Where else should API keys be, if they are needed by the app?
Private key should be in the trust region and set up when you make the account.
I took the gpp to mean the publisher had leaked their private key by putting it in the app code when it should never have left their servers.
Also possible. Enough private keys in git repo to make this believable.