The thing is how you are saving the secret key in your app .Now there can be many things

  1. Encrypt you key
  2. Use progaurd
  3. Use private but not default shared-preferences(If saving the key in preferences)
  4. Use HTTPS instead of HTTP

These are some ways with which you can secure your key and make it difficult to reverse the process, but again nothing is completely secure but my doing these steps you can make the much difference .

More Answer related to the Same Query


For iOS use the Keychain to securely save the key. There is a Keychain in Android but it works somewhat differently.

Use https to secure the commutations of the key to the server.

Consider an authentication scheme such as CHAP.

Credit Goes to: stackoverflow.com

Related question with same questions but different answers