Are Codepush deployment keys sensitive?

I’m analysing a iOS app and I’ve found an endpoint with a Codepush deployment key in a query string parameter.

https://codepush.azurewebsites.net/updateCheck?deploymentKey=[key]

Does anyone know what can be achieved with this key? Should it be considered private/sensitive?

It seems that it is supposed to be public: https://docs.microsoft.com/en-us/appcenter/distribution/codepush/cli

1 Like