https://github.com/approov/demo-android-chatgpt
Android ChaptGPT Kotlin mobile app demo for the OpenAI GPT-3 API to send questions and get responses. This repo will be used as the basis for a series of articles on how to properly hide secrets in a mobile app.
https://github.com/approov/demo-android-chatgpt
android approov chatgpt secrets security
Last synced: 7 months ago
JSON representation
Android ChaptGPT Kotlin mobile app demo for the OpenAI GPT-3 API to send questions and get responses. This repo will be used as the basis for a series of articles on how to properly hide secrets in a mobile app.
- Host: GitHub
- URL: https://github.com/approov/demo-android-chatgpt
- Owner: approov
- Created: 2023-05-26T19:01:12.000Z (over 2 years ago)
- Default Branch: main
- Last Pushed: 2023-06-20T15:48:19.000Z (over 2 years ago)
- Last Synced: 2025-01-09T20:53:51.340Z (9 months ago)
- Topics: android, approov, chatgpt, secrets, security
- Language: Kotlin
- Homepage: https://approov.io
- Size: 52.7 KB
- Stars: 1
- Watchers: 4
- Forks: 2
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Android ChatGPT Demo
This repository serves as the foundation for a series of articles that aim to demonstrate that hiding secrets in a mobile app binary, through code obfuscation and/or string obfuscation/encryption, just gives to the mobile app developer a false sense of security, a [Maginot Line](https://approov.io/blog/is-code-obfuscation-worth-it).
To avoid a Maginot Line in their security defences, mobile app developers are recommended to retrieve secrets securely from a backend, just-in-time of making the API request, rather than using hard-coded secrets. These runtime secrets are only provided when the remote mobile app attestation succeeds in attesting the integrity of both the device and the app. To learn more about this approach, check out the series of articles listed on this repository or visit the [Approov website](https://approov.io).