Is hiding an API key in BuildConfig safe?

I wrote the API Key in the local.properties file like most people recommend, and then saved it in BuildConfig using com.google.android.libraries.mapsplatform.secrets so that it can be referenced in code.

And when I reviewed it in the Google console, I got an error message saying that the AWS key obtained by referring to BuildConfig in the class that extends Application is not suitable for security.

The message referred to the exact line that referenced BuildConfig, as well as the class.

After receiving the error message, I obfuscated it using ProGuard, and the error referring to the line disappeared, but the error referring to the class itself remains.

This is the error message:

(1) Amazon Web Services credentials may be exposed

Your Amazon Web Services credentials may be exposed.

This exposure of your credentials could lead to unauthorized access to your AWS account, which may include associated excessive charges, and potentially unauthorized access to your data and your users' data.

(2) Leaked AWS credentials

Your app contains Exposed Amazon Web Services Credentials.

Vulnerable classes:

com.{myPackage}.GlobalApplication

sv:deadline:05/23/2022

What should I do?



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
