So, we studied how to reverse engineer the iOS app to view its source code. Now, the important aspect is try not to store the keys and hardcoded sensitive values at client side. Always try to store the keys at server side rather than hardcoding them in the code.

If it's not much feasible, avoid using key strings as the password, key and so on. Most of the source code analysis tools use regex to find the sensitive information.

The following is a sample Python regex:

USERNAME - (user|username|login)(\s)*=(\s)*('|")
PASSWORD - (pass|password|key)(\s)*=(\s)*('|")

Using the preceding regex expression, one can easily find out the hardcoded sensitive fields in the code. As a developer, never rely on a single technique ...