Your app contains exposed Google Cloud Platform (GCP) API keys, the Classes:

MainActivity->onCreate

Please refer to the following article on how to fix the issue: https://support.google.com/faqs/answer/9287711

I am getting this alert from my Google Play Store console after implementing the new Google Places API. I have added restrictions to my API key with my SHA key as well. I have used the same line from the demo project.

https://github.com/googlemaps/android-places-demos/blob/master/demo/app/src/main/java/com/example/placesdemo/MainActivity.java (Line no 32)

My code

```java
// The key is read from res/values/strings.xml, so it ships inside the APK.
String apiKey = getResources().getString(R.string.google_api_key);

if (!Places.isInitialized()) {
    Places.initialize(getApplicationContext(), apiKey);
}
```

These lines are used in the Activity which is causing this issue. I need to know how to fix this issue. Because the new Google Places API is also my requirement, I cannot avoid using these lines in my code.

Kirill Matrosov

1 Answer

The problem is that you have kept your Google API key directly in strings.xml. So anyone can easily get your key and use it if they extract your APK file; even if you have used ProGuard, it's not going to help you.

These are the steps you can take to help minimize the exposure of API keys:

  • Get the API key from a server by making a request. That API should work only for the authorized user from your app. Of course even this is not 100% secure, but it's better than plainly keeping the API key in the app.
  • Regenerate your API keys periodically. You can regenerate API keys from the Credentials page by clicking Regenerate key for each key. Then, update your applications to use the newly-generated keys. Your old keys will continue to work for 24 hours after you generate replacement keys.
  • Add restrictions to API keys. Check this section on how to do it.
Manohar
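The first step in the answer above (fetch the key from a server instead of shipping it in strings.xml), sketched as an added example that is not part of the original answer or of the Places demo project. The endpoint URL, the `PlacesKeyLoader` class and the `sessionToken` parameter are assumptions: the backend is expected to verify the token before returning the key as a single line of text.

```java
import android.content.Context;
import com.google.android.libraries.places.api.Places;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.net.URL;
import java.nio.charset.StandardCharsets;
import javax.net.ssl.HttpsURLConnection;

/** Added example: obtains the Places key at runtime rather than from resources. */
public final class PlacesKeyLoader {
    // Hypothetical endpoint; it must authenticate the caller before answering.
    private static final String KEY_URL = "https://api.example.com/v1/places-key";

    private PlacesKeyLoader() {}

    /** Network call: run off the main thread. sessionToken is the signed-in user's token (assumed). */
    public static String fetchApiKey(String sessionToken) throws IOException {
        // The cast fails for any non-HTTPS URL, so the key never travels in clear text.
        HttpsURLConnection conn = (HttpsURLConnection) new URL(KEY_URL).openConnection();
        try {
            conn.setRequestMethod("GET");
            conn.setConnectTimeout(10_000);
            conn.setReadTimeout(10_000);
            conn.setRequestProperty("Authorization", "Bearer " + sessionToken);
            int status = conn.getResponseCode();
            if (status != HttpsURLConnection.HTTP_OK) {
                throw new IOException("Key request rejected: HTTP " + status);
            }
            try (BufferedReader in = new BufferedReader(
                    new InputStreamReader(conn.getInputStream(), StandardCharsets.UTF_8))) {
                String key = in.readLine();
                if (key == null || key.trim().isEmpty()) {
                    throw new IOException("Empty key in response");
                }
                return key.trim();
            }
        } finally {
            conn.disconnect();
        }
    }

    /** Same initialization as in the question, with the key held in memory only. */
    public static void initPlaces(Context context, String apiKey) {
        if (!Places.isInitialized()) {
            Places.initialize(context.getApplicationContext(), apiKey);
        }
    }
}
```

The key still reaches the device, so the restrictions and periodic regeneration from the other two steps remain necessary; do not write the fetched key to logs or persistent storage.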