I’m analysing a iOS app and I’ve found an endpoint with a Codepush deployment key in a query string parameter.
https://codepush.azurewebsites.net/updateCheck?deploymentKey=[key]
Does anyone know what can be achieved with this key? Should it be considered private/sensitive?
It seems that it is supposed to be public: https://docs.microsoft.com/en-us/appcenter/distribution/codepush/cli
I’m a newbie here. I would like to know more about it. Thanks for sharing.
@fatehshakir2c8ae91b @DaranKatie
Documentation has the key hard-coded in public https://github.com/microsoft/react-native-code-push/blob/14810b71d79eb769a860c985414cc3b70039508c/docs/setup-android.md
Source: dee-see / notkeyhacks · GitLab