Hackers are used to encountering some form of security within an app’s architecture. But often these are thin, disjointed layers of protection that they can easily break through one after the other. That’s why your app security should consist of one thick, connected layer instead.
This depth of security is vital these days. Not least because bad actors tend to use dynamic analysis as their go-to attack method.
We call this interconnected depth of security the chain of trust. It’s an infinite loop of security that acts as one steel barrier rather than a thousand individual paper ones.
Utilize platform-specific functionality which is designed for storing sensitive key material. You could also consider using additional security measures like in-app protection and RASP solutions.
Some developers still think that renaming functions and variables can keep their app safe from attacks. But name obfuscation isn’t security. Consider it more of an optimization measure.