I have an application in which I have to store some sensitive configuration data (api url, analytics keys etc.). First idea was to store all of the information in XML file and read from it during app initialization phase. Unfortunately this is no longer the case because when I extracted the .ipa/.apk files I managed to find the config.xml file which was embedded as a resource after further extraction of the .dll.
It can be easily solved for Android by "embedding assemblies in native code" which generates .so and config file is no longer easily accessible, however iOS's .ipa file is still accessible and open for simple reverse engineering.
Do you guys have any idea how I could make sure this config is secured at some point? Or maybe you know some good practices regarding storing such data on Xamarin platform?
I was hoping to use some obfuscation tools like Babylon or Dotfuscator but I'm working on MacOS and they are not supporting this OS.