Chris dev
Chris dev3mo ago

Security Question: Is the app key stored in the Unity APK?

Is it possible the APK could be reverse compiled and the app key stolen?
4 Replies
kapa.ai
kapa.ai3mo ago
Hi @Chris. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- The documentation does not provide specific information on how the app key is stored in the Unity APK or if it could be potentially stolen through reverse compiling the APK. However, it's generally a good practice to secure sensitive data like app keys. If you're concerned about the security of your app key, you may want to consider additional security measures outside of what's provided by Normcore. For more detailed information, you may want to reach out to NormalVR directly or consult with a security expert. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
kapa.ai
kapa.ai3mo ago
<@182570065022025728> kapa.ai is still learning and improving, please let us know how it did by reacting below
maxweisel
maxweisel3mo ago
by default yes, but you can construct a NormcoreAppSettings object at runtime and furnish the key if you’d like to store it somewhere more secure we’re about to ship an update that obfuscates it heavily but there’s no way to implement a system that can’t be broken. if you’re worried about it, your best bet is to implement your own backend that furnishes app keys after you’ve authenticated your users Normcore Private also has a webhook option that can be used to authenticate server joins via the server to server API
maxweisel
maxweisel3mo ago
https://normcore.io/documentation/normcore-private/webhooks
Webhooks | Normcore Documenation
Normcore Private Cloud and On-Premises both support using the Webhooks API to verify whether an application or user is entitled to access Normcore.