Chris dev
Chris dev6mo ago

Security Question: Is the app key stored in the Unity APK?

Is it possible the APK could be reverse compiled and the app key stolen?
4 Replies
kapa.ai
kapa.ai6mo ago
Hi @Chris. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- The documentation does not provide specific information on how the app key is stored in the Unity APK or if it could be potentially stolen through reverse compiling the APK. However, it's generally a good practice to secure sensitive data like app keys. If you're concerned about the security of your app key, you may want to consider additional security measures outside of what's provided by Normcore. For more detailed information, you may want to reach out to NormalVR directly or consult with a security expert. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
kapa.ai
kapa.ai6mo ago
<@182570065022025728> kapa.ai is still learning and improving, please let us know how it did by reacting below
maxweisel
maxweisel6mo ago
by default yes, but you can construct a NormcoreAppSettings object at runtime and furnish the key if you’d like to store it somewhere more secure we’re about to ship an update that obfuscates it heavily but there’s no way to implement a system that can’t be broken. if you’re worried about it, your best bet is to implement your own backend that furnishes app keys after you’ve authenticated your users Normcore Private also has a webhook option that can be used to authenticate server joins via the server to server API
maxweisel
maxweisel6mo ago
Webhooks | Normcore Documenation
Normcore Private Cloud and On-Premises both support using the Webhooks API to verify whether an application or user is entitled to access Normcore.

Did you find this page helpful?