Im going to make an app which uses Google Maps API. We all know it isn't free for searching etc.
This API KEY needs to be saved in the app code which can be reverse engineered and extracted.
What if someone uses botnet + my apk file to drain my Google Maps account?
You can see the $$ high amount bill if your API key is not restricted.
For restricting it, Follow the below steps:
To set an application restriction for an API key
Visit the credentials panel.
Select the API key that you want to set a restriction on. The API key property page appears.
Under Key restrictions, select Application restrictions.
Select one of the restriction types and supply the requested information following the restriction list.
Android apps
Add your package name and SHA-1 signing-certificate fingerprint to restrict usage to your Android app.
Below the types, add the SHA-1 signing-certificate fingersprint and your Android package name from your AndroidManifest.xml file.
iOS apps
Accept requests from the iOS app with the bundle identifier that you supply.
Below the types, select the appropriate iOS bundle identifier from the list.
Click Save.
The restriction becomes part of the API key definition after this step. If you fail to provide the appropriate details or do not click “Save”, the API key will not be restricted.
