I've just bought a ServiceStack.Text license and I want to incorporate it into my code. On the server-side, I can do this securely. However I need this to also work on a mobile client device, as I need to serialize/deserialize things on the mobile device. I can't seem to find/figure out a secure way of handling this. As far as I can tell, it will always be readable in the mobile client's memory.
Am I mistaken in this? Is there some other way of handling this, perhaps somehow using the Service Clients mentioned in this post? (But I need to do the serializing/deserializing on the client itself, not just posting to a server.)
It's a good idea to use some Simple string obfuscation techniques so the license key is not visible in plain-text when analyzing your decompiled program and so will require some effort to decipher, but ultimately it's impossible to secure protected keys inside your deployed application given by design if your application needs and can read it, it will always be decryptable with enough effort.