The RC Flutter SDK offers the .logIn method, which allows the current user to log in using only the appUserID.
Since the appUserID is exposed on the client side, a malicious user could potentially obtain someone else's appUserID (e.g., through reverse engineering the app or intercepting network requests) and use it to impersonate that user. This could allow unauthorized access to premium content or features, etc.
Potential risk of the .logIn method of the RC SDK for flutter
Hey
The login() method is only a method in the SDK, so the user would need to have that app user ID somehow passed through your code in the SDK. You can also call configure with an identified app user ID if you would like to forego calling the login() method. More information on this can be found here: https://www.revenuecat.com/docs/customers/user-ids#provide-app-user-id-on-configuration