Skip to main content

Overview

This guide outlines the security features of the AppTrove SDK, focusing on SDK Signing to protect your integration against unauthorized access and fraudulent activities. By authenticating tracking requests with a unique secretId and secretKey, you ensure that only legitimate data from your app is processed.

Prerequisites

  • An application with the AppTrove SDK installed and initialized
  • Access to the Trackier Panel to retrieve secretId and secretKey
  • Basic knowledge of secure credential management

Security

The Security section ensures that your AppTrove SDK integration is safeguarded by enabling SDK Signing. This feature authenticates all tracking requests (e.g., installs, events) using a unique secretId and secretKey, ensuring data integrity and preventing fraudulent activities.

Why is SDK Signing Important?

  • Prevents Spoofing: Blocks fake or manipulated tracking requests.
  • Secure Attribution: Ensures installs and events are credited only to your authorized app.
  • API Request Protection: Validates that all tracking data comes from a trusted source.

Best Practices

  • Keep Credentials Confidential: Never expose secretId and secretKey in client-side code.
  • Use Secure Storage: Store credentials in encrypted storage (e.g., Android Keystore, iOS Keychain).
  • Rotate Keys Periodically: Regenerate secretKey in the Trackier Panel if compromised or as a routine security measure.
  • Restrict Dashboard Access: Limit Trackier Panel access to authorized team members to protect SDK credentials.

Troubleshooting

  • Authentication Failures: Verify that the secretId and secretKey match those in the Trackier Panel.
  • Exposed Credentials: If credentials are compromised, regenerate the secretKey immediately and update your app.
  • Tracking Data Rejected: Ensure SDK Signing is correctly implemented and credentials are securely stored.

Security Features

The Flutter SDK provides two main security features:

SDK Signing

Authenticate tracking requests using secretId and secretKey to ensure data integrity and prevent fraudulent activities. See SDK Signing for implementation details.

Key Hiding

Protect sensitive SDK credentials by storing them securely using Flutter's secure storage capabilities. See Key Hiding for implementation details.

Additional Resources

For further assistance, refer to the Trackier Documentation Portal or contact Trackier support at support@trackier.com.