Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

PubNub security against someone reverse engineering an android app

My app initializes PubNub with a hard-coded subkey and pubkey, then subscribes/publishes to a channel. How can I prevent someone from reverse engineering my app, collecting the sub/pub keys, and publishing garbage information to my channels?

like image 597
Blaasd Avatar asked Oct 31 '22 14:10

Blaasd


1 Answers

PubNub Access Manager

There is no absolute way to hide your keys but you can manage how authenticated users access (use) your keys. PubNub's Access Manager provides a means for you to implement permissions that are granted to a auth-key for the channels that an end user will need to access (publish, subscribe, etc).

Permissions are read (subscribe and query), write (publish and update) and manage (add channels to channel groups). You will grant these permissions for each channel and channel group that the end user will need to work with and the auth-key you provide to the end user will be a parameter in the PubNub initialization which will be passed to PubNub with every PubNub operation invoked by that end user.

The above is a bit high level but this is a thorough discussion about hiding keys/managing access between Stephen Blum (@PubNub) and Phil Leggetter (@leggetter) - both respected and prominent thought leaders in the realtime data stream network space among other areas.

like image 195
Craig Conover Avatar answered Nov 09 '22 09:11

Craig Conover