-
-
Save curioustechizen/9f7d745f9f5f51355bd6 to your computer and use it in GitHub Desktop.
buildTypes { | |
applicationVariants.all { variant -> | |
variant.buildConfigField "String", "API_KEY", "\""+getApiKey()+"\"" | |
} | |
} | |
def getApiKey(){ | |
def Properties props = new Properties() | |
props.load(new FileInputStream(new File('secrets.properties'))) | |
return props['API_KEY'] | |
} |
API_KEY=my_awesome_api_key |
String apiKey = BuildConfig.API_KEY |
If I decompile the app, would the secret key then be exposed? Putting any secret key in java or resources xml is not an option for me as they can be easily decompiled.
@hendraanggrian This solution will not protect against decompilation. The string will ultimately land up in your APK.
Hello @curioustechizen , Could you tell us what is the difference between storing the keys in the java file if we can't protect the keys by above method this in decompilation of apk.
use Firebase remote config
@yakubpashask The difference is using the above method your key does not end up in a public github repo :)
How to access API_KEY in XML. I am struck, please help me.
@TakeoffAndroid you can use resValue
instead of buildConfigField
- this will generate a string resource. You can then use it in XML. See here for example usage.
Map API key and fabric API key that we have to pass in Android Manifest at the time of reverse engineering we are unable to hide these api keys even though we declare them in buid gradle.
.
Map API key and fabric API key that we have to pass in Android Manifest at the time of reverse engineering we are unable to hide these api keys even though we declare them in buid gradle.
.
Correct. See this comment
Map API key and fabric API key that we have to pass in Android Manifest at the time of reverse engineering we are unable to hide these api keys even though we declare them in buid gradle.
.Correct. See this comment
What is the solution for that?
@ritualapplocum Did you read the whole conversation? Your question is answered in the comments above.
@ritualapplocum Did you read the whole conversation? Your question is answered in the comments above.
yes I have already implemented it in build gradle and using those values in manifest but again when we decompile the code manifest is still displaying those api keys
Don't forget to include
secrets.properties
in.gitignore
file.