I have a gRPC service and I was thikning about the security aspects in the client side.
I have only one certificate (public and private certificates) for the client, that it is uses for all my clients, WPF clients, Android clients... etc.
By the moment, in my WPF client application, I copy the certificates (certificate and key) in a subfolder of the application folder and when I start the application, it loads the certificate. So it is easy for someone to copy the key certificate.
In an Android client, I add the certificate and and as assests, so I guess it is include in the apk file and it would be possible that someone could extract the certificates for that.
So if someone could get access to the certificates, it could develop an application that could connect to the server.
So I am wondering if there is some better way to handle or protect the certificates in the client side. But the private certificate it is needed to have in some place in the device to can be used.
Thanks.