Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
lucasluitjes 2 days ago

Hardcoded API keys and poorly secured backend endpoints are surprisingly common in mobile apps. Sort of like how common XSS/SQLi used to be in webapps. Decompiling an APK seems to be a slightly higher barrier than opening up devtools, so they get less attention.

Since debugging hardware is an even higher threshold, I would expect hardware devices this to be wildly insecure unless there are strong incentive for investing in security. Same as the "security" of the average IoT device.

bigiain 2 days ago | parent [-]

Eventually someone is going to get a bill for the OpenAPI key usage. That will provide some incentive. (Incentive to just rotate the key and brick all the devices rather than fix the problem, most likely.

eru 2 days ago | parent [-]

> (Incentive to just rotate the key and brick all the devices rather than fix the problem, most likely.

But that at least turns it into something customers will notice. And companies already have existing incentives for dealing with that.

bigiain 2 days ago | parent [-]

At that stage you just rotate the company name or branding...

eru 2 days ago | parent [-]

Sure. But then you cannot benefit from building up a good reputation and charge people extra for it.

(There's a reason Apple can charge crazy markups.)

bigiain 19 hours ago | parent [-]

Had you ever heard of IKKO before this? I hadn't, and I'm at least adjacent to the hifi and audio nerd crowd.

Apple have a reputation and brand that allows them to charge premium prices.

IKKO seems, at least to me, to be effectively a disposable brand. If their reputation goes bad, their only reals costs are setting up a new website/AliExpress Store/Amazon seller account.

eru 17 hours ago | parent [-]

To expand on what I was trying to say:

Yes, you can run with disposable brands. It's a perfectly viable business strategy in many cases.

However: if you do that you are missing out on the benefits of building a good reputation. Even in the cases, where your product _is_ actually good.

So another perfectly valid business strategy is to build a longer lasting brand. Like Apple has done. (Or countless other companies.)

In most markets we see both kinds of strategies at play. As a customer, you can usually decide which kind of strategy you give your money to.