mDevCamp

Still hiding API keys in gradle.properties or C++? 🕵️‍♂️

Michal Jeníček says it plainly: if a key ships with your app, it is not a secret.

In his session “Your API Key is Not a Secret: The "Genuine App" Pattern”, he moves past obfuscation tricks and shows a more realistic way to protect your backend.

You’ll see how cryptographic attestation and the Google Play Integrity API can help prove a request comes from your genuine, unmodified app binary.

Expect a practical deep-dive into:
🔐 why API keys are public identifiers
🛡️ how to validate genuine app requests
⚙️ a Simple Server flow that makes stolen keys useless

If you work on Android apps talking to sensitive backend services, this one is worth catching.

Btw: Michal practices Aikido, which feels like pretty solid training for both mobile chaos and parenting two boys.

🔎 Explore the speaker lineup mdevcamp.eu
🎟 Join the crew at mDevCamp 2026

Most iOS developers don’t think about the Keychain.

Until something suddenly stops working.

Ben Freiband, software engineer at Duo Security working on the Duo Mobile app, spends a lot of time dealing with authentication and secure mobile systems.

In his talk “Unlocking the Keychain: Understanding it before you inevitably need it”, he explains what’s actually happening behind the scenes.

You’ll get a clear look at how the Keychain works, why common login issues appear, and how credentials behave when apps use extensions or multiple targets.

If you’re building authentication flows or storing credentials in your app, understanding the Keychain will make a big difference.

Fun fact: ✈️ Ben has flown a plane.
(Says it was terrifying.)

🔎 Explore the full program mdevcamp.eu
🎟 Join us at mDevCamp 2026