Are Codepush deployment keys sensitive?

I’m analysing a iOS app and I’ve found an endpoint with a Codepush deployment key in a query string parameter.

https://codepush.azurewebsites.net/updateCheck?deploymentKey=[key]

Does anyone know what can be achieved with this key? Should it be considered private/sensitive?

It seems that it is supposed to be public: https://docs.microsoft.com/en-us/appcenter/distribution/codepush/cli

I’m a newbie here. I would like to know more about it. Thanks for sharing.

same question .

@fatehshakir2c8ae91b @DaranKatie

Documentation has the key hard-coded in public https://github.com/microsoft/react-native-code-push/blob/14810b71d79eb769a860c985414cc3b70039508c/docs/setup-android.md

Source: dee-see / notkeyhacks · GitLab

Thanks .