I have a private key that I am using to hash data, that key is also on the server. I was wondering if its safe to store this value in the config.json file in an Appcelerator Alloy application? When decompiling the ipa/apk is that something anyone could see?
If not is there a better location?
Alloy will compile the config.json file into CFG.js file which like all other JS files in a Titanium app will be encrypted. By default the key is stored in a compiled Obj-C class in the app.