Security Question: Is the app key stored in the Unity APK?
Is it possible the APK could be reverse compiled and the app key stolen?
KHi @Chris. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. 
K----------------------
The documentation does not provide specific information on how the app key is stored in the Unity APK or if it could be potentially stolen through reverse compiling the APK. However, it's generally a good practice to secure sensitive data like app keys. If you're concerned about the security of your app key, you may want to consider additional security measures outside of what's provided by Normcore.
For more detailed information, you may want to reach out to NormalVR directly or consult with a security expert.
----------------------
Note: you can ask me a follow up question by @ mentioning me again
----------------------
The documentation does not provide specific information on how the app key is stored in the Unity APK or if it could be potentially stolen through reverse compiling the APK. However, it's generally a good practice to secure sensitive data like app keys. If you're concerned about the security of your app key, you may want to consider additional security measures outside of what's provided by Normcore.
For more detailed information, you may want to reach out to NormalVR directly or consult with a security expert.
----------------------
Note: you can ask me a follow up question by @ mentioning me again
----------------------
K@182570065022025728 kapa.ai is still learning and improving, please let us know how it did by reacting below
Mby default yes, but you can construct a NormcoreAppSettings object at runtime and furnish the key if you’d like to store it somewhere more secure
Mwe’re about to ship an update that obfuscates it heavily but there’s no way to implement a system that can’t be broken. if you’re worried about it, your best bet is to implement your own backend that furnishes app keys after you’ve authenticated your users
MNormcore Private also has a webhook option that can be used to authenticate server joins via the server to server API
MNormcore Private Cloud and On-Premises both support using the Webhooks API to verify whether an application or user is entitled to access Normcore.
