"Includes Vulnerable Leakage (Published) Google Cloud Platform (GCP) API Key" Alert Alert

Asked 2 months ago, Updated 2 months ago, 5 views

About the apps available on GooglePlay
Contains vulnerable leaked (public) Google Cloud Platform (GCP) API keys
It was pointed out and warned that

I referred to the site below and added the following two actions, but I was constantly warned
I don't know exactly how to deal with it.

If you have done the same thing, could you give me advice on how to deal with it?

Also, I used gradle.properties as the correspondence.
Is it treated as a file in the application source tree?

*What to do*
1)Verify the API Key is Restricted Correctly
2)From the following description, move the key that was written directly to the source to gradle.properties and change it to read

※ ↓ This is a translation app translated text
·Do not embed API keys directly into the code.
 API keys embedded in the code may be accidentally exposed to the public.
 For example, you may have forgotten to remove the key from the code you share.
 Instead of embedding API keys into applications, you can
them in environment variables or applications.  Store in a file outside the source tree.

·Do not save the API key to a file in the application source tree.
 When storing API keys in a file, to prevent keys from entering the source code management system,
 Place the file outside the application source tree.
 This is especially important if you are using a public source code management system such as GitHub.

android google-cloud youtube-data-api google-play

2022-09-30 14:05

1 Answers

If gradle.properties is included in the version control, the API key will end up in the repository, so I don't think the problem will change.

2022-09-30 14:05

If you have any answers or tips

© 2022 OneMinuteCode. All rights reserved.