So, you've finished version 1 of your app, and you're ready to send it out into the world. Like a child leaving the nest, you are ready to push your app out to the various app stores and wait for the glowing reviews to come streaming in. Not so fast! You wouldn't send a child out into the world without teaching them how to protect themselves. Likewise, you shouldn't send your app out into a user's hands without taking some time to secure it using industry-standard best practices. After all, if your app gets compromised, it's not only you who suffers, but potentially the users of your app as well. In this five-part series, we'll take a look at what you can do to secure your Parse app.
The master key, on the other hand, is definitely a security mechanism. Using the master key allows you to bypass all of your app's security mechanisms, such as class-level permissions and ACLs. Having the master key is like having root access to your app's servers. You should guard your master key with the same zeal with which you would guard your production machines' root password. Never check your master key into source control. Never include your master key in any binary or source code you ship to customers. And above all, never, ever give your master key out to strangers in online chat rooms. Stranger danger!
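One way to enforce the two "never" rules above before a commit or a release build, as an added example that is not Parse's own code: scan the source tree and the built artifacts for the literal key value. The environment variable name `PARSE_MASTER_KEY` and the function names are assumptions made for this sketch.

```python
import os
import sys
from pathlib import Path

# Assumed name of the environment variable that holds the key on the build host.
KEY_ENV_VAR = "PARSE_MASTER_KEY"


def key_encodings(master_key: str) -> list[bytes]:
    """Byte forms the key takes in source text and in compiled string tables."""
    if not master_key:
        raise ValueError("master key is empty; refusing to scan")
    return [master_key.encode("utf-8"), master_key.encode("utf-16-le")]


def find_key_leaks(root: str, master_key: str, skip_dirs=(".git",)) -> list[str]:
    """Return relative paths of files under root that contain the key."""
    needles = key_encodings(master_key)
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        # .git objects are zlib-compressed, so a raw byte search cannot see them.
        dirnames[:] = [d for d in dirnames if d not in skip_dirs]
        for name in filenames:
            path = Path(dirpath) / name
            try:
                data = path.read_bytes()  # bytes, so binaries are covered too
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if any(n in data for n in needles):
                hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


if __name__ == "__main__":
    key = os.environ.get(KEY_ENV_VAR, "")
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    leaks = find_key_leaks(target, key)
    for leak in leaks:
        print(f"master key found in {leak}")  # path only, never the key itself
    sys.exit(1 if leaks else 0)
```

Run it against both the repository checkout and the unpacked app bundle; a non-zero exit status fails the hook or the CI job.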
In Part II, we'll take a look at Parse's advanced features, which allow you to control what people with your client key can do.