I'm wondering about the password security in case of mobile apps. Knowing that the password is stored in the client code, what prevent someone to open the app archive, get my api password and use my password to submit his request and thus, use my quota?
asked 09 Apr '14, 20:53
This is common problem for all client-server apps, one could use reverse engineering to replicate application behavior and be able access same infrastructure as application does. So we recommend to use same security measures as you would do in other cases - avoid storing password as plain text, add some cryptography, etc. This will not remove problem completely, but will make it more difficult and reduce the risk.
However, specifically for cases of mobile application that will be distributed to wide audience ABBYY developed different billing mechanism that addresses most of developer concerns including this one, by transferring large portion of risks from developer to ABBYY. It is in BETA now, and if you are not this program yet, I would recommend you to contact as firstname.lastname@example.org and sign in.