How to Secure Your API Keys the Right Way

Or you can just put your keys in build variable

But, if I keep the key on some server, than I have another key in my app that is used for getting the key from the server. The attacker can then find this second key used for getting the one on the server, so how does this improve security?

I'm not sure if I understand you correctly
you want to save the APIs on server
Okay where on the server and how you are going to request them in the app??

Whenever I got new things to handle I always search in your playlist, same happened now as-well, I was looking for ssl issue and new content is here😃. Could plz make a video on dynamic ssl pinning when certificate expires.

Can you make a tutorial on implementing the SHA1 fingerprint in the Ktor server?

Iam the attacker. I was looking for your tasky app api

There is no way!
In app - decompile
From server - sniffer

It's practically impossible to hide secrets on the client. Security through obscurity is the only possible protection, but I'll be glad if somebody proves me wrong

of course, everything that is in client could be modified by the client, for security, better to do it on the server instead