Security

The Security section in the documentation focuses on two main aspects:

  1. SDK Signing
    • Uses a secretId and secretKey to authenticate SDK requests.
    • Prevents unauthorized access to Trackier's tracking API.
    • Configured via setAppSecret(secretId, secretKey) in TrackierSDKConfig.
  2. Key Hiding
    • Protects sensitive keys (SDK Key, secretId, secretKey) from reverse engineering.
    • Two methods:
      • Method 1: Uses the com.klaxit.hiddensecrets Gradle plugin to auto-generate obfuscated keys in C++.
      • Method 2: Manual NDK/JNI implementation for storing keys in native code.

Potential Additions to the Security Section

If you want to enhance the Security section, consider adding:

  1. Best Practices for Key Management
    • Avoid Hardcoding Keys: Never hardcode keys in build.gradle or Java/Kotlin files.
    • Use Environment Variables: For CI/CD pipelines, fetch keys from secure env variables.
    • Restrict API Access: Ensure the secretKey is only used in the SDK and not exposed elsewhere.
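
One way to enforce the "Avoid Hardcoding Keys" practice in CI, as an added example (not code from the Trackier documentation or SDK): a scanner that flags string literals passed to setAppSecret or assigned to key-like names in Java/Kotlin and Gradle sources. The identifier patterns, sample sources and environment variable name are assumptions constructed for illustration.

```python
import re

# Identifier names treated as secrets (assumed naming; adapt to your project).
SECRET_NAME = r'\w*(?:secret_?id|secret_?key|sdk_?key)\w*'
# setAppSecret(a, b): the config call named on this page.
CALL_RE = re.compile(r'setAppSecret\s*\(\s*([^,()]+?)\s*,\s*([^()]+?)\s*\)')
# e.g.  val secretKey = "..."   (interpolated "${...}" strings are not matched)
ASSIGN_RE = re.compile(r'(?i)\b(' + SECRET_NAME + r')\b[^="\n]*=\s*"[^"$]+"')
# e.g.  buildConfigField "String", "SECRET_KEY", "\"...\""
GRADLE_RE = re.compile(
    r'(?i)buildConfigField\W+"String"\s*,\s*"(' + SECRET_NAME + r')"\s*,\s*(.+)')

# Constructed sample sources; the key values are made up.
SAMPLES = {
    "App.kt": 'config.setAppSecret("id-constructed", "key-constructed")\n'
              'config.setAppSecret(Keys.secretId(), Keys.secretKey())\n',
    "build.gradle": 'def sdkKey = System.getenv("TRACKIER_SDK_KEY")\n'
                    'buildConfigField "String", "SECRET_KEY", "\\"abc-constructed\\""\n'
                    'def secretId = "id-constructed"\n',
}


def is_literal(arg):
    arg = arg.strip()
    return len(arg) >= 2 and arg[0] == arg[-1] == '"'


def scan(path, text):
    """Return (path, line_no, reason) for each hardcoded-key finding.
    Comments are scanned too: a key in a comment is still committed."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        call, gradle = CALL_RE.search(line), GRADLE_RE.search(line)
        assign = ASSIGN_RE.search(line)
        if call and any(is_literal(a) for a in call.groups()):
            findings.append((path, no, "string literal passed to setAppSecret"))
        elif gradle and "getenv" not in gradle.group(2) and "$" not in gradle.group(2):
            findings.append((path, no, "literal buildConfigField " + gradle.group(1)))
        elif assign and not gradle:
            findings.append((path, no, "literal assigned to " + assign.group(1)))
    return findings


if __name__ == "__main__":
    for name, src in SAMPLES.items():
        for finding in scan(name, src):
            print("%s:%d: %s" % finding)
```

An environment-sourced buildConfigField keeps the key out of version control but still compiles it into the APK as a plain string, which is the exposure the Key Hiding methods address.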