PassAndroid icon indicating copy to clipboard operation
PassAndroid copied to clipboard
verified publisher icon ligi

Sensitive information leakage

Open alpha0490 opened this issue 5 years ago • 1 comments

your api keys are leaked here

https://github.com/ligi/PassAndroid/blob/6cdd7ce4f74be54a538014014c426bc647d550b1/android/src/withMaps/AndroidManifest.xml

alpha0490 avatar Jan 02 '21 05:01 alpha0490

Wondering what exactly is sensitive about the maps API key. What harm can people do having it?

ligi avatar Feb 16 '21 07:02 ligi

I really do not see the point - it needs to be available on the edge - so even if I obfuscate it there - it is in the end deliverable - so no real point in hiding it IMHO.

ligi avatar Apr 10 '23 19:04 ligi