No matter how hard you try to hide something in your app’s code, at the end of the day when you publish them the result is a compressed format (IPA or APK) with all the necessary DLLs to run your Xamarin apps, and if you know about tools like ILSpy for browsing and decompile .NET assemblies is so easy to take those DLLs and look at your typical Constants.cs class.
Continue readingDon’t put sensitive data in the client side: Reverse engineering published Xamarin Forms apps.
