Hello,
I am using revenuecat sdk for flutter, and i configure the sdk using the android and ios public sdk keys and the user id corresponding to the user.
I am trying to understand what will be the impact if someone decompiles my app and gets hold of the public/private keys? Could they connect to the revenuecat on my behalf and make operations like cancel subscription or request refunds..etc? From my understanding there is nothing holding them back to perform these operations.
Also I am interested to know, if in our systems we identify the user with a standard auto increment primary key like 1,2,3...etc, could this be an issue for someone to mess with us if they also have the private/public keys? I am thinking decompile the app, retrieve the public keys, initialise the sdk with random ints that represent the app users ids and try to cancel, refund their subscriptions.
Is this something that would be possible?
Thanks!
