I think they’re basically fixed for a specific app, but we don’t really want to take the responsibility of sharing them. 🙂

What I did for my iOS phone in a similar situation was get a copy of the Charles proxy app (charlesproxy.com), run it on my laptop including SSL proxying, and on my phone (a) install the root SSL key that Charles can generate and (b) tell my phone to use the laptop as a proxy. Finally, if memory serves, when watching the current keys go by, look at their expiry time and after that has passed, fire up the app again and you’ll see the key and secret being sent.

There are ways you can do this with free open source software, but Charles is very handy if you do any kind of HTTP network monitoring and worth the price, in my opinion.