The Most Paranoid Developer in the World


I don’t always assume my code is being hacked, but when I do, well… I guess I always do. In this session we’ll discuss tips and tricks for securing your client code and API against hackers. No one goes to jail for hacking a game, which is why the mobile game QONQR has twice as many security features as a banking app. We’ll cover the difficult lessons QONQR developers learned so you can avoid the same issues in your client/server apps. See how to avoid replay attacks, how to “hide” verification tokens in your API traffic, and why depending on SSL to protect your traffic from the end user is a terrible idea. Take obfuscation to the next level. Learn how “best practices” damage your ability to protect your code. We’ll discuss how you can’t assume downloading even encrypted data to an Android phone is hidden from a user, and how Apple prevents you from banning criminals and predators from your app. See how QONQR uses the most popular 1000 first names according to the US Census Bureau to track user clicks. You’ll laugh, you’ll cry, you might even run away screaming.


Featured Speaker

Scott Davis is the CEO and Lead Developer of QONQR, a location-based mobile game that allows players to battle for control of their hometowns. QONQR has been played in every country in the world.

Scott Davis

CEO and Lead Developer, QONQR