Android Question Remediation for Exposed GCP API keys

asales

Well-Known Member
Licensed User
I get an alert in Google Console to one of my apps.

Security Alert
The app has open Google Cloud Platform (GCP) API keys. See this Google Help Center article for more details.
Vulnerable locations:


( Alerta de segurança
O app tem chaves expostas de API do Google Cloud Platform (GCP). Leia este artigo da Central de Ajuda do Google para saber mais detalhes.
Locais vulneráveis:
)

br.com.myprofiles.main->_globals
br.com.myprofiles.main->_vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv4

The article mentioned is this:
https://support.google.com/faqs/answer/9287711

All my apps have this lines in the Process_Globals. Only now I get this alert.
B4X:
Sub Process_Globals
   Dim billman3 As BillingManager3   
   Dim Const chv As String = "MIIBI...AB"
End Sub
I don't changed nothing in this line since the app was release some years ago and now I get this alert.
What can be the problem and how I can fix it.

Thanks in advance for any tips.
 

DonManfred

Expert
Licensed User
The interesting part is:

Add restrictions to your API key so that only your apps are allowed to use the API key. More details on adding restrictions to API keys can be found here.

Solution: Add a restriction to your Key. For ex. add your packagename and signhash: only your app can use the key then.
 
Top