To initialize Android SDK, we need to call initialize using sdk client id and secret. That means we have to put client secret somewhere in the app package. Which essentially means it is publicly available (you can hide or obfuscate it, but cannot secure it).
My questions are, should we be worried about stealed client secret? What is the consequence of the client secret stealed and abused by others?
Or, is there any other way to initialize SDK without embedding client secret into app bundle?