I am building an Android application in Java and using the Cognito User Pool (demo) to generate user session tokens to authenticate the REST API calls.
In the demo, the client secret is written in the AppHelper class.
So, my question is: Is it safe to keep the client ID and client secret in the open? If not, what is the best way to do it?
If a hacker decompiles the app, they can see the keys, right? How can I protect my app?
Please give me suggestions. Thank you.