So basically if my API secret Key becomes public, anyone can use the Graph API to update my Facebook App fields.
The question is "How to prevent any API from updating my APP fields" ?
So only the Admin can log into his Fb account and update APP fields not any other users.
Self R&D- I can see "Update Settings IP Whitelist" field in my APP settings which means only specific IP address can update the APP. So is there a way I can specify - no IPs can update my APP. Only manual login of Admin can update the app.
Hope I made myself very clear..
So basically, I figured out that having your own IP is the "Update Settings IP Whitelist" field is a good way of protecting your Facebook APP settings.
A lot of people use a Page Access token to retrieve facebook public data. This token can also be used by hackers to modify your app settings and adding an IP protects your app.
Don't understand why this question was downvoted :(