Is Unity remote settings secure?

I’m looking for making my game communicate with a server with REST api.
Assuming I want to use basic authentication (or maybe JWT Authentication), is it safe to use remote setting for the server url and authentications infos?

If anybody as already do that with an Unity game, any feedback are welcome :slight_smile:

Thanks for the help.

According to this Unity doc Unity - Scripting API: RemoteSettings

The web service from which Unity
downloads the Remote Settings
configuration is read-only, but is not
. This means that the
configuration could be read by
third-parties. You should not put
sensitive or secret information into
your Remote Settings. Similarly, the
saved settings file could be read and
modified by end-users (although any
modifications are overwritten the next
time a session starts with an
available Internet connection).

I’ve yet to encounter some steps to replicate the issue on my end to verify it being not so secure though. :slight_smile: Has anyone tried doing it?

Anyone can read whatever is fed to the game from Remote Settings (or any other service) and vice versa by listening to the calls through Charles Proxy.