Question

Potential risk of the .logIn method of the RC SDK for Flutter

  • 31 August 2024
  • 1 reply
  • 20 views


The RC Flutter SDK offers the .logIn method, which allows the current user to log in using only the appUserID.


Since the appUserID is exposed on the client side, a malicious user could potentially obtain someone else's appUserID (e.g., through reverse engineering the app or intercepting network requests) and use it to impersonate that user. This could allow unauthorized access to premium content or features, etc.

This post has been closed for comments

1 reply

Michael Fogel
  • Dedicated Contributor
  • 382 replies
  • September 5, 2024

Hey @dev_rhenium,

The login() method is only a method in the SDK, so the user would need to have that app user ID somehow passed through your code in the SDK. You can also call configure with an identified app user ID if you would like to forego calling the login() method. More information on this can be found here: https://www.revenuecat.com/docs/customers/user-ids#provide-app-user-id-on-configuration

