Тёмный

How to hide your API keys on Android 

Google Maps Platform
Подписаться 38 тыс.
Просмотров 39 тыс.
50% 1
ВидеоПоделитьсяСкачатьДобавить в

Developing Android apps using Google Maps Platform SDKs, but worried about the security of your API Keys? Learn one way to protect your API Keys by hiding them from version control with an open source plugin.
Secrets-gradle-plugin → goo.gle/30pHNlc
Restricting API Keys → goo.gle/3qyHSO0
Watch more Geocasts → goo.gle/Geocasts
Subscribe to Google Maps Platform → goo.gle/GMapsPl...
#Geocasts #Developer

Опубликовано:

 

13 сен 2024

Поделиться:

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист
Посмотреть позже
Комментарии : 44   
@GoogleMapsPlatform
@GoogleMapsPlatform 2 года назад
Subscribe to Google Maps Platform for tutorials, tips, user stories, announcements, and more! → goo.gle/GMapsPlatform
@ZeroDevID
@ZeroDevID 2 года назад
**DISCLAIMER:** This plugin is primarily for hiding your keys from version control. Since your key is part of the static binary, your API keys are still recoverable by decompiling an APK. So, securing your key using other measures like adding restrictions (if possible) are recommended.
@dimitriskatikaridis4382
@dimitriskatikaridis4382 2 года назад
Google should allow developers assert the api key on the runtime. With that way, using some custom encryption and/or NDK, the apikey will be way more secured.
@go_better
@go_better 2 года назад
Thanks! Very brief, useful and straight to the point!
@AlexSanchezMorales
@AlexSanchezMorales 2 года назад
Just for clarification and as it's stated by the host in the intro. this is only to hide your key from source control. If you are trying to fix a Leaked GCP API Keys error from playstore console, you still got the error.
@b_rabbit9774
@b_rabbit9774 2 года назад
can you refer a video on how to fix that error? thanks!
@NishantjonyJaiswal
@NishantjonyJaiswal 2 года назад
omg,how to solve?
@premdhanraj393
@premdhanraj393 3 года назад
In this video you are giving one ID and in android documentation there is different ID and in your github repo there is another new ID. I tried all 3. For all 3 i got same error "plugin id not found". Can you give updated instruction in clear steps ?
@chrisarriola3578
@chrisarriola3578 3 года назад
Hi Prem! There have been a few changes since the plugin was moved to Google Maven. Please refer to the installation instructions (com.google.android.libraries.mapsplatform.secrets-gradle-plugin) and feel free to file an issue on GitHub if you are still having trouble.
@AlexBGamesONLINE
@AlexBGamesONLINE 3 года назад
Does this keep people from being able to decompile the apk and view the api key?
@chrisarriola3578
@chrisarriola3578 3 года назад
The plugin prevents really trivial ways to extract an API key (i.e. source code, via PackageManager) but it does not safeguard against decompiling an APK. This is why it's still important to add key restrictions to your key.
@nathanielwaggoner3005
@nathanielwaggoner3005 2 года назад
No. All this does is hide it from source.
@Andrew-li5oh
@Andrew-li5oh Год назад
@@chrisarriola3578 do you know of resources to explain how to add key restrictions to your key?
@riyupapa39
@riyupapa39 2 года назад
Thanks! Very very useful video!!
@sukhwantsingh501
@sukhwantsingh501 4 месяца назад
Will this api key be visible during the release apk decompile process?
@bizlog6283
@bizlog6283 2 года назад
Thanks it's working fine.
@Sonu.Singh.28
@Sonu.Singh.28 2 месяца назад
Personally I loved the Hindi Track 😍😍.
@ronsivan93
@ronsivan93 2 года назад
Hi, My app has been removed for this reason: Your app contains exposed Google Cloud Platform (GCP) API keys. Which means my api key was exposed in my code. I've applied the fix as described in the video with the latest version of the secrets-gradle-plugin. Will this help to get my back on the Google Play Store? Thanks
@ronsivan93
@ronsivan93 2 года назад
@Rai S I didn't resolve the problem, error still appears in Play Console. So I've tried it with Base64 decoding, I think it should solve it, currently app is in review...
@SergiohUss
@SergiohUss 2 года назад
i have the same problem, did you find a solution?
@ronsivan93
@ronsivan93 2 года назад
@@SergiohUss Yes, I did Base64 encoding on my api key, then used it in the code as a string variable and created a function to decode it to get the original key
@manuelito3000plus
@manuelito3000plus Год назад
​​@@ronsivan93like this: Places initialize(this, decodeBase64function(stringInBase64))?
@NishantjonyJaiswal
@NishantjonyJaiswal 2 года назад
Thanks
@brandondelacruz2933
@brandondelacruz2933 3 года назад
If I use the plugin you typed, its working. But the one on the documentation isnt working. Why is that?
@chrisarriola3578
@chrisarriola3578 3 года назад
Thanks for pointing this out! I will get this corrected.
@brandondelacruz2933
@brandondelacruz2933 3 года назад
@@chrisarriola3578 Thanks! Big help
@AbhishekSingh-dq5bj
@AbhishekSingh-dq5bj 3 года назад
Does this process also helpful while saving any type of keys like API keys or AES keys?
@chrisarriola3578
@chrisarriola3578 3 года назад
Yes! You can use the plugin for any kind of key that you want to hide from source control and expose via BuildConfig or manifest file. Note that those keys are still vulnerable though if your APK is decompiled.
@erlangparasu6339
@erlangparasu6339 3 года назад
we need more secure.. something like compiled as encrypted value, auto decrypt when accessing it
@chrisarriola3578
@chrisarriola3578 3 года назад
This is definitely a good idea! The challenge I see here is that the key used for encryption/descryption would also need to be secured somehow.
@thatsweetlilthing2
@thatsweetlilthing2 3 года назад
The algorithms used to decrypt would also still be available through decompilation or reviewing the binary assemblies. While it is more difficult, it is no better than obfuscation.
@erlangparasu6339
@erlangparasu6339 3 года назад
how about other encryption like AES, RSA, androidkeystore?
@thatsweetlilthing2
@thatsweetlilthing2 3 года назад
@@erlangparasu6339 Again, open standards. If they can decrypt them while using them, it is not secure. Once an attacker gains physical access, all bets are off.
@PhongTran-hz4ht
@PhongTran-hz4ht 3 года назад
Will it still work if I release the app?
@chrisarriola3578
@chrisarriola3578 3 года назад
Yep! If you would like, you can also create a separate release API key. See: github.com/google/secrets-gradle-plugin#build-variant-specific-properties
@AlekSilAudiobooks
@AlekSilAudiobooks Год назад
Why is the sound so terrible?
@toonkinga284
@toonkinga284 2 года назад
CAN WE USE THIS WITH FLUTTER ?
@chrisarriola3578
@chrisarriola3578 2 года назад
This can also work with Flutter by modifying, however, note that there is no equivalent solution on iOS.
@pikachufreefire6836
@pikachufreefire6836 2 года назад
yes
@mhdunknown
@mhdunknown 2 года назад
You could just skip this library and just put Properties properties = new Properties() properties.load(project.rootProject.file("local.properties").newDataInputStream()) buildConfigField "String", "API_KEY", "\"${properties.getProperty("API_KEY")}\"" inside the defaultConfig{} block in the app module's build.gradle, and then call your API_KEY that's inside your local.properties with BuildConfig.API_KEY lol
@sedraopamp
@sedraopamp Год назад
Correct. I'd also add this to allow the api key as metadata on AndroidManifest.xml: manifestPlaceholders = [API_KEY:"${properties.getProperty('API_KEY')}"]
Далее
How to add a Map using iOS SDK
2:56
How to add a Map using iOS SDK
Просмотров 9 тыс.
How to Hide & Protect API Keys in Your Android App (Reverse Engineering)
10:13
How to Hide & Protect API Keys in Your Android App (Reverse Engineering)
Просмотров 64 тыс.
when you have plan B 😂 @andreyreactions
00:11
when you have plan B 😂 @andreyreactions
Просмотров 1,7 млн
魔術表演,等下爸爸該懷疑人生了,閨女配合竟然是為了他的錢! #爸爸帶娃 #家有萌娃 #親子
00:19
魔術表演,等下爸爸該懷疑人生了,閨女配合竟然是為了他的錢! #爸爸帶娃 #家有萌娃 #親子
Просмотров 3,9 млн
2 hacks with a cardigan 💖✨ THIS or THAT? 🎀 Subscribe for #fashion #shorts
00:12
2 hacks with a cardigan 💖✨ THIS or THAT? 🎀 Subscribe for #fashion #shorts
Просмотров 631 тыс.
Good fragrance doesn’t have to come with a big price tag🏷️ #trending #shorts #catchysmells #itmaaz
01:00
Good fragrance doesn’t have to come with a big price tag🏷️ #trending #shorts #catchysmells #itmaaz
Просмотров 22 млн
UI Libraries Are Dying, Here's Why
13:28
UI Libraries Are Dying, Here's Why
Просмотров 310 тыс.
Is Monogamy Realistic for Gay Men?
15:21
Is Monogamy Realistic for Gay Men?
Просмотров 39 тыс.
How to generate and restrict API keys for Google Maps Platform
4:39
How to generate and restrict API keys for Google Maps Platform
Просмотров 644 тыс.
The Most Legendary Programmers Of All Time
11:49
The Most Legendary Programmers Of All Time
Просмотров 558 тыс.
Secure your data - Deep dive into encryption and security (Android Dev Summit '19)
15:09
Secure your data - Deep dive into encryption and security (Android Dev Summit '19)
Просмотров 42 тыс.
5 Fatal Coroutine Mistakes Nobody Tells You About
18:15
5 Fatal Coroutine Mistakes Nobody Tells You About
Просмотров 87 тыс.
Your API Keys are NOT SAFE in a native app 🤬
9:26
Your API Keys are NOT SAFE in a native app 🤬
Просмотров 11 тыс.
Mapping with Firebase (pt. 1)
2:46
Mapping with Firebase (pt. 1)
Просмотров 11 тыс.
Hide API Keys Without dotenv environment variables | Hiding API Keys in Javascript Netlify
10:38
Hide API Keys Without dotenv environment variables | Hiding API Keys in Javascript Netlify
Просмотров 41 тыс.
when you have plan B 😂 @andreyreactions
00:11
when you have plan B 😂 @andreyreactions
Просмотров 1,7 млн