How to hide your API keys on Android

Показать описание

Developing Android apps using Google Maps Platform SDKs, but worried about the security of your API Keys? Learn one way to protect your API Keys by hiding them from version control with an open source plugin.

#Geocasts #Developer

Рекомендации по теме

Комментарии

**DISCLAIMER:** This plugin is primarily for hiding your keys from version control. Since your key is part of the static binary, your API keys are still recoverable by decompiling an APK. So, securing your key using other measures like adding restrictions (if possible) are recommended.

ZeroDevID

Google should allow developers assert the api key on the runtime. With that way, using some custom encryption and/or NDK, the apikey will be way more secured.

dimitriskatikaridis

Thanks! Very brief, useful and straight to the point!

go_better

Just for clarification and as it's stated by the host in the intro. this is only to hide your key from source control. If you are trying to fix a Leaked GCP API Keys error from playstore console, you still got the error.

AlexSanchezMorales

Does this keep people from being able to decompile the apk and view the api key?

AlexBGamesONLINE

In this video you are giving one ID and in android documentation there is different ID and in your github repo there is another new ID. I tried all 3. For all 3 i got same error "plugin id not found". Can you give updated instruction in clear steps ?

premdhanraj

Will this api key be visible during the release apk decompile process?

sukhwantsingh

Hi,
My app has been removed for this reason: Your app contains exposed Google Cloud Platform (GCP) API keys.
Which means my api key was exposed in my code.
I've applied the fix as described in the video with the latest version of the secrets-gradle-plugin.
Will this help to get my back on the Google Play Store?
Thanks

ronsivan

Personally I loved the Hindi Track 😍😍.

Sonu.Singh.

we need more secure.. something like compiled as encrypted value, auto decrypt when accessing it

erlangparasu

If I use the plugin you typed, its working. But the one on the documentation isnt working. Why is that?

BrandCatalogs

Does this process also helpful while saving any type of keys like API keys or AES keys?

AbhishekSingh-dqbj

Will it still work if I release the app?

PhongTran-hzht

You could just skip this library and just put

Properties properties = new Properties()

buildConfigField "String", "API_KEY",

inside the defaultConfig{} block in the app module's build.gradle, and then call your API_KEY that's inside your local.properties with BuildConfig.API_KEY lol

mhdunknown

How to hide your API keys on Android

How to hide your API keys SAFELY when using React

How to HIDE Your API Keys in Python Projects

How to Secure Your API Keys the Right Way

How to ACTUALLY Secure Your API (5 Steps)

3.4 Hiding API Keys with Environment Variables (dotenv) and Pushing Code to GitHub

Hide an API Key | JavaScript Tutorial

How to Hide & Protect API Keys in Your Android App (Reverse Engineering)

How to hide your API keys on Android

Create and Monitor multiple API Keys for your different Projects and Customers

How to hide api keys in Python

Build an API Proxy Server - Hide Your API Keys, Rate Limiting & Caching

Hiding Your API keys in your code from Thieves

Hide API Keys Without dotenv environment variables | Hiding API Keys in Javascript Netlify

How to Hide Your API Keys

Hide your API Keys easily with Node JS

Hide api keys properly

Create Your First Chrome Extension in JavaScript to Hide Your API Keys

5 JavaScript API Key Mistakes (and how to fix them)

How to Hide Password and API keys in Streamlit Share

Handle secrets like API keys securely in javascript projects with environment variables

how to hide your api keys in python projects

How To Hide Api Key GitHub Tutorial

Best Practice For Protecting And Hiding API Keys In Android Studio - 2023

How to hide your API link while making requests from client c#, c++, python