- SDK Version:48
In the docs it says
Note: This property key is not included in the production manifest and will evaluate to
undefined. It is used internally only in the build process, because it contains API keys that some may want to keep private.
so where is it stored? is it accessible by inspecting the apk? how does react-native-maps access it?
so where is it stored?
is it accessible by inspecting the apk? how does react-native-maps access it?
yes, it’s accessible, so app can just read it from the disk
Is the google maps apiKey in app.json safe?
That depends what you mean by safe:
- If you mean whether this is correct use of maps key, then yes. It’s expected to be stored in places where it can be accessed for third party actors.
- If you mean whether it’s protected against unauthenticated access, then no.
There is no way to secure anything client side.
This property key is not included in the production manifest and will evaluate to
This statement does not mean it won’t be included in a build, it’s just saying it won’t be included in manifest, (so it won’t be a part of an update)
In addition to what wkozyra said, you should restrict the API key so that Google will only allow requests from your Android app using that key. See this video for how that is done.
See the Google docs for more details:
This topic was automatically closed 20 days after the last reply. New replies are no longer allowed.