If you are talking about user tampered devices, if the device is tampered you can't prevent leaking of credentials