#StackBounty: #android #android-security Android: How to use GCP service account for Android app

Bounty: 50

I am using Google directions api in my app. Recently, I got warning from Google about the API key saying:

Your app contains exposed Google Cloud Platform (GCP) API keys

This is because the directions API needs auth key(I have that key in strings.xml file, and appending it from there). On the console, package name and SHA1 for app is already added alongwith restricting the API. I read about setting up GCP service account but not getting idea of how to use it. As per docs, we should set environment variable and provide credentials through it. Does this means I have to store the generated json file in my application and get credentials from there(as mentioned in the docs). If not, then what should be best approach for mobile apps.

Update: The generated google-services.json itself has api key in it.


Get this bounty!!!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.