by stephth 5202 days ago
it wouldn't take a huge amount of skill to extract your client keys from an Android / iOS app: but as long as you've designed your ACL (access control list) correctly, it won't matter as your user will have to be logged in and authenticated to access sensitive objects.

But it's possible to edit the ACL from a client. Isn't that a potential weakness?

https://www.parse.com/docs/ios_guide#users-acls

1 comments

Editing the ACL is subject to the same access restrictions, similar to how Unix ACLs work. So, for most cases this is sufficient. If you have more complex security needs, we're glad to discuss how individual apps can be secured. Drop us a line at feedback at parse.com.

Thanks. And I will likely do that. Before I do and if I could borrow some more of your time: would using Parse qualify an app as containing encryption, in regards to the AppStore submission/guidelines?

See this question: http://stackoverflow.com/questions/2135081/does-my-applicati...

Parse does use https:// connections for all data, so you should take whatever action you would normally take for an application that communicates over https. That is the only form of client-side encryption used.
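The reply above says that editing an ACL is subject to the same access restrictions as the object itself. The following is an added example, not code from the thread or from Parse: a simplified server-side model in which an ACL change is treated as a write, so a client holding extracted app keys cannot grant itself access. The function names, store layout and sample users are assumptions made for illustration.

```javascript
// Simplified model of per-object ACL enforcement (hypothetical names, not Parse's code).
// Assumed ACL shape: { "<userId>": { read: bool, write: bool }, "*": { read: bool } }

function can(acl, userId, perm) {
  // Unauthenticated callers (userId === null) only get the public "*" entry.
  const pub = Boolean(acl["*"] && acl["*"][perm] === true);
  const own = userId !== null && userId !== "*" &&
    Object.prototype.hasOwnProperty.call(acl, userId) &&
    acl[userId][perm] === true;
  return pub || own;
}

// Update handler: the caller identity comes from the authenticated session,
// never from anything the client puts in the request body.
function updateObject(store, objectId, sessionUserId, patch) {
  const obj = store.get(objectId);
  if (!obj) return { ok: false, error: "not found" };
  // One check covers data and ACL changes alike: changing the ACL is a write.
  if (!can(obj.acl, sessionUserId, "write")) {
    return { ok: false, error: "forbidden" };
  }
  const { acl, ...fields } = patch;
  Object.assign(obj.data, fields);
  if (acl !== undefined) obj.acl = acl;
  return { ok: true };
}

// Constructed sample data: one private object, one publicly readable object.
function makeStore() {
  return new Map([
    ["note1", { data: { text: "private" },
                acl: { alice: { read: true, write: true } } }],
    ["post1", { data: { text: "hello" },
                acl: { alice: { read: true, write: true }, "*": { read: true } } }],
  ]);
}
```
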