So I followed the instructions in this post
here and integrated google maps into my application. In that tutorial it says you should put your API key in the manifest editor like this.
AddApplicationText(
<meta-data
android:name="com.google.android.geo.API_KEY"
android:value="xxxxxxxxxxxxxx"/>
)
But now my question is, how safe is that really? I can take the APK and drop it into Android Studio and then go through the AndroidManifest.xml file to easily find the key just there in the open. I was wondering why the key had to be in the manifest in the first place and what is good practices if I want to safely use other keys throughout my application?