read
Strings in an iOS app can be easily extracted with strings myapp
.
Taking a few more steps will make your app more secure.
Chris Hulbert has a good post on the topic to obfuscate your secret keys.
A summary
Firstly, the technique is only good for secret keys that are not sent over the Internet. For example, secret keys that are used to encrypt a packet, sent over the Internet, then decrypt with the key on the server.
There are a few techniques of various levels:
-
hex instead of literal strings
-
obfuscate the hex with some hashing
-
disable debug sessions
PS: This deters most of the hackers. But nothing is foolproof.