I would rather not store any client credentials in my Android or iOS clients for my custom particle based product. PKCE is an extension to the OAUTH Authorization Code flow that is designed to do away with the need for storing keys on a client.
Please add support for PKCE in your Mobile SDK’s.
(note: I did a search in the forum and on github, wasn’t sure if this was already supported, if it is, please feel free to delete this).