How do you secure your PayPalApplicationID on the iPhone for PayPal's iPhone SDK?

While using the Paypal iPhone SDK that integrates a mobile payment option on the iPhone, I am realizing that to use the SDK you hardcode your PayPalApplicationID into your application during the initialization of the SDK module.

Is there a way to securely store this PayPalApplicationID on the phone? I'm at a lost since keychain isn't really an option. Keychain is great for storing credentials from the user and prompting them for the credential. However, this PayPalApplicationID credential is actual开发者_开发百科ly merchant specific and will be constant for the app through it's lifespan. What is a better way than hardcoding the PayPalApplicationID into the actual initialization of the SDK?

https://www.x.com/community/ppx/xsapces/mobile/mep

There is no simple way to do this. You can obfuscate a web service key in your code but if people want to steal it then they will find it with a little bit of patience and the right tools.

What happens when someone steals your PayPalApplicationID? Can they do harm? Maybe ask PayPal what the risks are. Maybe nothing destructive can be done with it. Then I would not bother to hide it.

Actually you don't need to secure your AppID - it's really used for identifying the caller. It's equivalent to a consumer_id in the oauth world. All payments are identified by the receiver and that's what the end user would see - not info linked with the AppID.