I am currently in the process of developing a twitter application in C# and .NET. I read that I should not “reveal” my consumer secret, but I have not been able to come up with a good solution for this. Any disassembler can easily disassemble my app, or any app for that matter, and read the consumer secret. I have also tried using my App.config, but that simply writes an xml file next to the exe, so this solution is even less secure. I am assuming this is a problem for many people, so I have the following questions:
- What are you currently using to protect your consumer secret?
- What are the consequences of someone having access to my consumer secret? For my app and for me.
- What do the Twitter Developers recommend is the best solution for this?
Answers to any, or all, of these questions will be great appreciated.