Sort:  

They are stealing Posting keys I guess

I reversed their code and they are not sending it to the server. However, they are not stored correctly. They are exposed!

like in cookies?

Localstorage without encryption... anyone in a public network can retrieve your private key.

Our app dont use cookies or shared to any server

nobody said that. Just the truth, key is saved without any encryption.

Thanks for your effort we are working on that @jaysermendez you helped us anyways to male this app better

Want a code exposure?

We don't do such practices sir