Hi, I am planning to write a mobile app making use of the live bus data (SIRI).
One issue that comes to mind from a developer point of view is that the compiled APK file (distributable app) will contain the API key if it is decompiled. It is possible to obfuscate it but not completely possible to hide it.
There is probably no strong motivation for someone to steal my API key but even still I am wondering what the general developer attitude to storing the API key in the compiled app is?
It can be avoided by routing SIRI requests through my own server and adding the API key there but this will cause a bottleneck as it’s unlikely my server has comparable specs to the backend SIRI server.
Thanks.