Android: Leaked GCP API Keys

Asked Feb 15 '22 at 10:04

Active Feb 17 '22 at 18:12

Viewed 856 times

I pushed an app to production, and it shows the following error in the google play console.

Leaked GCP API Keys Your app contains exposed Google Cloud Platform (GCP) API keys. Please see this Google Help Center article for details.

com.example.tools.homeScreen.MainActivity->onCreate

I tried adding this line of code in the build gradle file and specifying the keys in the local.properties file. But it didn't work.

 buildConfigField("String", "sender_id", "\"" + localProperties['SENDER_ID'] + "\"")

edited Feb 16 '22 at 12:34

Justin Poehnelt

asked Feb 15 '22 at 10:04

Valencio Araujo

*firebaser here* It sounds like you've included the FCM server keys in your Android app, which is not secure. Calls to the FCM REST API require that you specify the FCM *server* key in your code. As its name implies, this key should only be used in server-side code, or in an otherwise trusted environment. The reason for this is that anyone who has the FCM server key can send whatever message they want to all of your users. By including this key in your Android app, a malicious user can find it and you're putting your users at risk. See https://stackoverflow.com/a/37993724 for a better solution – Frank van Puffelen Feb 15 '22 at 14:29
I am facing the same issue. not getting any solution – Gulnaz Ghanchi Apr 25 '22 at 19:42

0 Answers0