Hide API key in manifest and in Android source code

Question

Hide API key in manifest and in Android source code

I have a Google MAPS API that can be easily seen when you decompile my application using reverse engineering. This is not good. In addition, I use the KEY weather API in my source code, accessing through a line.

I found this site https://medium.com/@cassioso/a-strategy-to-secure-your-api-keys-using-gradle-b9c107272860

and wanted to ask you if this article is recommended or do you have an idea?

Does anyone have any experience with this issue?

I use ProGuard, but ProGuard DOES NOT confuse AndroidManifest (which is not even possible as far as I read), and it also does not confuse any StringKEY API (I don’t know why)

I have no experience with DexGuard.

Could you tell me if this site works, or you can give some tips on how to hide the api keys in the manifest, as well as in the source code.

+4

android maps key proguard

Blnpwr Oct 3 '17 at 21:14

source share

1 answer

Sam · Answer 1 · 2017-10-03T21:47:13+0000

There is no reason to hide your API key. They are analyzed directly from the manifest. Just about to comment, not reply, but the comment was too long haha. therefore, I think I will send as an answer.

Why do you want to hide the API key? GMaps and Fabric and Firebase recommend you put it right in your Manfiest.

-, , build.config. Gradle, . - , APK. , .

, API, , , SQLCipher. . , , SDK .

SDK , , , SDK , .

- API-. , SDK , , , SDK, , . . API?

Hide API key in manifest and in Android source code

More articles: