| ], | ||
| "api_key": [ | ||
| { | ||
| "current_key": "AIzaSyDRfdW_nEkshiKZnlUiTY7Ww5R3Ne0Fgog" |
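Review bot: the `current_key` value under `api_key` is committed here in plaintext, and nothing in this hunk shows whether the key is restricted. Before merging, confirm in the Google Cloud console that the key is limited to the app's package name and signing-certificate fingerprint, and to the APIs the app actually calls. If it is not, restrict it first, or keep the file out of the repository and supply it at build time.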
I don't know how this is handled in open-source projects, but I'd suggest not publishing the google-services.json, since somebody knowing these keys can spam Firebase with arbitrary events...
Good question... it is bound to the package. So in the store it's not really possible, but I must admit apps not installed from the Play Store can spam into the account (but why should they do it :-D )
After some quick research it turned out to be okay to put the google-services.json into the public repository, since the keys can be extracted easily from the APK itself. But it is possible to restrict the API access to correctly signed APKs only.
Take a look at: https://stackoverflow.com/a/57067722/6843341
Add Firebase, Crashlytics, Performance API and CustomLogger