Android Question Your app contains exposed Google Cloud Platform (GCP) API keys

tsteward · Jul 5, 2019

I have just spotted this warning on m\developer console. Should I be worried and what do I do about it.

Security alert

Your app contains exposed Google Cloud Platform (GCP) API keys. Please see this Google Help Centre article for details.

Vulnerable locations:

lishi.assistand.tony.stewardgmail.com.helpmodule->_helpspinner_itemclick

Affects APK version 104.

Peter Simpson · Jul 5, 2019

tsteward said:
Should I be worried and what do I do about it.

No, dismisses it.

Erel · Jul 7, 2019

Not sure. Where does this key come from?

DonManfred · Jul 7, 2019

tsteward said:
Should I be worried and what do I do about it.

Restrict the Key in the console to use only by a specific app (your apps packagename and hash).

Add restrictions to your API key so that only your apps are allowed to use the API key. More details on adding restrictions to API keys can be found here.

tsteward · Jul 7, 2019

Erel said:
Not sure. Where does this key come from?

Its they key used to link to youtube

Erel · Jul 8, 2019

Make sure to restrict the key as DonManfred wrote and also make sure that the key is stored as a process global string value. This way it will be obfuscated.

Android Question Your app contains exposed Google Cloud Platform (GCP) API keys

tsteward

Well-Known Member

Peter Simpson

Expert

Erel

B4X founder

DonManfred

Expert

tsteward

Well-Known Member

Erel

B4X founder

Similar Threads