As a mobile developer, I'm looking for a solution that allows users of my application to download multiple .zip files that will add a "modular" feel to my application. I've used the Dropbox API in another app to allow users to backup items to their account, but now I need the user to access my account.
Is there a way to authenticate the Dropbox session to my account automatically, or just connect to my Public folder without the user even noticing?
What are the security implications of hard-coding my access keys and app key/secret into an application? I know it is fairly simple to get the source code from an .apk, but what could someone do with that information?
It's not the intended purpose of the API, but you could authorize an access token for your app manually once, and then embed and reuse that access token programmatically in all instances of your app. (You'd need to be careful not to accidentally revoke that access token though.) There are likely security and rate limiting concerns with this method though, depending on the specifics.
Or, the other method of using the link would probably be easier. Just make the link(s) desired (and convert to direct if necessary), then download from it. (Also, Dropbox isn't a CDN of course, so be aware of bandwidth limits.)
Followup Answer
If you embed your app token and access token in an app, an attacker could potentially extract those and would then have read/write/delete access (via the API) to as much of your Dropbox as the app has access to (either app folder or full Dropbox depending on your API app), regardless of any restrictions your app itself would normally try to enforce. For this reason, you wouldn't want to use this method to store any private information, e.g., any private user-specific files.