On authentication security for mobile apps

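[itdog][mobile, security, oauth][IoT is probably relevant too (I'm not familiar with it)]

A question about authentication security on mobile. I may have covered this before, but I'll say it again; important things are worth repeating.

Once a mobile app is installed on a device, you have to assume it is as exposed as frontend JavaScript, fully visible to anyone who looks. That is because a hacker can crack the device => get the APK file => decompile it into source code.

Here is an example: a mobile app uses the OAuth Authorization Code Grant Flow for authentication. Many people do it this way, and many professional engineers in industry probably do too. (Even vendors such as pingIdentity say the same on their website.)

But with the common approach, I (or a hacker) can, as described above, decompile the source code and get your hard-coded client […]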