Hardcoded Secrets in Mobile App

Vulnerability Details

Severity: High

Category: Mobile

Description

The mobile application contains hardcoded sensitive values such as API keys, encryption keys, passwords, or backend URLs embedded directly in the source code or binary.

Risks

An attacker could extract hardcoded secrets through reverse engineering to gain unauthorized API access, decrypt sensitive data, or access backend systems directly.

Remediation

Remove all hardcoded secrets from application code. Retrieve secrets from secure backend services at runtime. Use environment-specific configuration managed securely. Implement key management solutions for cryptographic keys.
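As an added example (not part of this advisory), the kind of pre-release check that backs the remediation above: a Python scan of decompiled app sources and resources for the hardcoded values the description lists, flagging them by suspicious identifier name, by URL shape, or by key-like entropy. The sample files, identifiers and thresholds are constructed for illustration.

```python
import math
import re
from collections import Counter

# Constructed sample of a decompiled Android app, not from any real application;
# Config.java shows the remediated form that fetches the key at runtime.
SAMPLE_FILES = {
    "res/values/strings.xml": (
        '<string name="api_base_url">https://api.internal.example/v1</string>\n'
        '<string name="maps_api_key">AIzaSyD-EXAMPLE-KEY-0123456789abcdefg</string>\n'
    ),
    "com/example/net/ApiClient.java": (
        '  private static final String CLIENT_SECRET = "s3cr3t-pa55w0rd-XyZ987";\n'
        '  private static final byte[] AES_KEY = "0123456789abcdef".getBytes();\n'
        '  private static final String HEADER_VALUE = "ZmFrZS1zZXNzaW9uLXRva2VuLWV4YW1wbGU=";\n'
    ),
    "com/example/config/Config.java": '  String key = secretsClient.fetch("payments_key");\n',
}

# Identifier names that usually hold credentials or keys.
SENSITIVE_NAME = re.compile(r"secret|passw(or)?d|api_?key|token|private_?key|aes_?key", re.I)
# A string literal of 8+ characters assigned to a name in Java/Kotlin source.
ASSIGN = re.compile(r'(?P<name>[A-Za-z_]\w*)\s*=\s*"(?P<value>[^"]{8,})"')
# <string name="...">value</string> entries in Android resources.
RESOURCE = re.compile(r'<string name="(?P<name>[^"]+)">(?P<value>[^<]{8,})</string>')

def shannon_entropy(s):
    # Bits per character: random keys and base64 blobs score well above prose.
    return -sum(c / len(s) * math.log2(c / len(s)) for c in Counter(s).values())

def classify(name, value):
    # Why a literal should not ship in the build, or None if it looks benign.
    if value.startswith(("http://", "https://")):
        return "hardcoded-endpoint"  # backend URL baked into the binary
    if SENSITIVE_NAME.search(name):
        return "sensitive-name"  # the identifier itself says what it holds
    if len(value) >= 20 and shannon_entropy(value) >= 3.5:
        return "high-entropy"  # key-like blob under an innocent name
    return None

def scan_files(files):
    # Return (path, name, reason) for every flagged literal; run in CI before release.
    findings = []
    for path, text in files.items():
        pattern = RESOURCE if path.endswith(".xml") else ASSIGN
        for m in pattern.finditer(text):
            reason = classify(m.group("name"), m.group("value"))
            if reason:
                findings.append((path, m.group("name"), reason))
    return findings
```

On the sample above the scan reports five literals from strings.xml and ApiClient.java and nothing from the remediated Config.java; the entropy threshold is a heuristic and will need tuning against a real code base.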