I don't think that restricting the token to my app will work as this is using the Web Service to do the work, and the web service request could come from anywhere.
I think that I will have to use the Geocoding Library to solve this. Incidentally this warning first appeared on 13 Jun 2019, just after Google tightened up on Geocoding requests.)
I know that restricting the key to your app IS the solution. Once you restrict it google will know.
NO ONE else can use the key in his app even if he extract it from my app using reverse engineering.
Using a Server key is not possible in android. The key must be used on a SERVER. In a B4J App for example.
Note that everyone with a bit knowledge is able to extract the key from your app. Having a serverkey bound in your app open the door wide open for any hacker.