
Your app contains exposed Google Cloud Platform (GCP) API keys

Your app contains exposed Google Cloud Platform (GCP) API keys. Please see this Google Help Center article for details.

Vulnerable locations:

com.abc.Youtube_Player->onCreate

This is how my code looks at the back end:

public class Youtube_Player extends AppCompatActivity implements YouTubePlayer.OnInitializedListener {

    // YouTube player view

    public static final String GOOGLE_API_KEY = "<api key>";

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_youtube__player);

        // Initializing video player with developer key
        mPlayerView.initialize(GOOGLE_API_KEY, this);
    }
}
Rohit Kumar Sehrawat asked Sep 09 '25 11:09


2 Answers

You have an API key in the code. As a best practice, you should keep secret keys in a secure system like Google Secret Manager, HashiCorp Vault, an encrypted secure GCS bucket, etc. If these options are not feasible for you, still try to put the secret keys in some other property file and control access to that file.

pradeep answered Sep 11 '25 09:09


To avoid this warning message from the console:

Leaked GCP API Keys Your app contains exposed Google Cloud Platform (GCP) API keys. Please see this Google Help Center article for details.

You must define the values you want to "hide" inside your gradle.properties file (if it doesn't exist, you can create it).

JORGESYS_API_KEY=key=AI9876IoaNutaEFrumoAsaAsa123An8mTRk-U
SECRET_CLIENT_API_KEY=key=AIzaSyJorgeSysIsCoOlaeB12GSET-U
SECRET_TOKEN_API_KEY=key=AIzaS12JorgeSysIsCoOlsauPrOsTaeB12GSET-U

and define the reference of these values inside app/build.gradle

android {
    ...
    ...
    defaultConfig {
        ...
        ...
        ...
        // Defined in gradle.properties
        buildConfigField "String", "JORGESYS_API_KEY", "\"$JORGESYS_API_KEY\""
        buildConfigField "String", "SECRET_CLIENT_API_KEY", "\"$SECRET_CLIENT_API_KEY\""
        buildConfigField "String", "SECRET_TOKEN_API_KEY", "\"$SECRET_TOKEN_API_KEY\""
    }

}

When generating your project, the BuildConfig class will be generated that will contain the values and that you can assign to your application when compiling.

val myAPIKEY = BuildConfig.JORGESYS_API_KEY

These values cannot be obtained by "reverse engineering"! :-)

Jorgesys answered Sep 11 '25 08:09
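
A pre-release check for the condition the Play Console warning reports, as an added example that is not part of the question or of either answer: it scans source files and build outputs for strings shaped like Google API keys. The `AIza` plus 35 characters pattern is the commonly used heuristic, and the key, paths and file contents are constructed placeholders; the sample tree also shows that a `buildConfigField` value lands in the generated `BuildConfig` class and in the compiled dex.

```python
import re

# Widely used heuristic for Google API keys: "AIza" + 35 URL-safe characters.
GCP_KEY_RE = re.compile(rb"AIza[0-9A-Za-z_\-]{35}")

# Constructed placeholder with the right shape; not a real key.
FAKE_KEY = "AIza" + "Sy" + "EXAMPLE0" * 4 + "x"


def find_gcp_keys(artifacts):
    """Return sorted (artifact name, byte offset, redacted key) findings.

    `artifacts` maps a name to the file's raw bytes, so source files and
    compiled outputs (a dex string pool is plain bytes too) are scanned alike.
    """
    findings = []
    for name, data in artifacts.items():
        for m in GCP_KEY_RE.finditer(data):
            key = m.group().decode("ascii")
            # Redact so the report itself does not leak the key.
            findings.append((name, m.start(), key[:8] + "..." + key[-4:]))
    return sorted(findings)


# Constructed sample build tree (hypothetical paths and contents).
SAMPLE_ARTIFACTS = {
    # The question's pattern: key as a string constant in the Activity.
    "src/Youtube_Player.java":
        f'public static final String GOOGLE_API_KEY = "{FAKE_KEY}";\n'.encode(),
    # The gradle.properties approach: the key leaves the Activity source...
    "gradle.properties": f"JORGESYS_API_KEY={FAKE_KEY}\n".encode(),
    # ...but buildConfigField writes it into the generated BuildConfig class...
    "build/generated/BuildConfig.java":
        f'public static final String JORGESYS_API_KEY = "{FAKE_KEY}";\n'.encode(),
    # ...and the compiler stores it as a string literal in the shipped dex
    # (0x27 = 39 is the length prefix of the constructed string entry).
    "apk/classes.dex":
        b"dex\n035\x00" + b"\x00" * 16 + b"\x27" + FAKE_KEY.encode() + b"\x00",
    # A file without a key, to show the scan stays quiet on a bare prefix.
    "src/MainActivity.java": b'String title = "AIza is only a prefix";\n',
}

if __name__ == "__main__":
    for name, offset, redacted in find_gcp_keys(SAMPLE_ARTIFACTS):
        print(f"{name}:{offset}: key-shaped string {redacted}")
```

Run against a real project by filling the mapping with the bytes of the tracked source files and of the unpacked release APK; a hit in the APK means the key ships to every device, whichever file it was declared in.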