1
In the construction of an app I was suggested not to incorporate the public key to any code as a literal string. Although it is not secret, it may be replaced by another in a possible fraud attempt. As a solution it was indicated to build the string in real time from scratch or use bit manipulation (for example, XOR with some other string) in order to hide the real key.
How it works?
Related:Where to store API connection credentials on Android
– ramaral