Comment by wackget
2 years ago
If the app can access it (offline, on your device), then what stops a developer from using tools to extract the token from the device, either from wherever it's stored in memory or using an interactive debugger to extract it as the app requests it?
Nothing stops a (sufficiently motivated) developer from doing that. But it will stop a muggle.