I am building a flutter android application for an e-commerce website that uses woocommerce. For performing crud operations with the woocommerce API it provides consumer_key and consumer_secret. Right now, my application just has those written into the source code. However, I have come to know that an attacker can de-compile my app to get the keys.
Googling about it, I found these -
- People saying limit authentication to the servers but how is that possible in this case?
- Code obfuscation which still leaves the keys in the app
- flutter_secure_storage package wont help because I would have to store it anyway which means it still ends up in the code.
Some advice or solution to this problem is what I am looking for here. Is there a way around this?