I am about to publish an Android app and during development I used some third party services that provided api keys in order to use their services. My question is, should I be concerned about how/where I place the api keys within the app?
I have created a Constants.class for the api keys, app id etc and I reference to the class within the app. I have seen some tutorials on Udacity where api keys were placed in gradle scripts -local,properties file, I havent really understood why and what is the best approach. Is it easy that someone can reverse engineer an app and access confidential information e,g the keys and abuse your account? I am relatively new to programming