react-native-google-places icon indicating copy to clipboard operation
react-native-google-places copied to clipboard

Published 20 hours ago verified publisher icon tolu360

Play Console - Security warning

Open MelanieJourne opened this issue 5 years ago • 7 comments

Hello,

When uploading my APK on the Play Console, I have the following message: alert

My key is secure (restricted API + restricted to Android applications with my fingerprint SHA-1). However, I would like to delete the warning entirely. And I use the Gradle.properties method.

I use this package version 3.1.0 and react-native 0.59.9.

Can anyone can tell me how to proceed ?

Thanks in advance

MelanieJourne avatar Jul 04 '19 15:07 MelanieJourne

Hi, I got the same! I thought restricting API calls from my app would solve the issue but no.

wmonecke avatar Jul 06 '19 17:07 wmonecke

I also test the "export key" method but it does not resolve the issue

MelanieJourne avatar Jul 08 '19 14:07 MelanieJourne

I'm having the same issue, I followed the steps from secure API KEY , however when I export the API Key in my System environments located on ~/.bash_profile -(in my case ) I can see my environments variable is there using the CLI in the terminal $printenv but when I'm running my on my simulator I got 9011: The provided API key is invalid.

janet-rivas avatar Aug 08 '19 23:08 janet-rivas

I finally find the solution for this issue

  1. I have to setup my System Environment variables in my local environment in my case I'm using MacOS, open terminal and run - export RNGP_ANDROID_API_KEY=Insert_API_KEY_here , or copy it in ~/.bash_profile
  2. Make sure my system/environment variable is there printenv this will list those and there should be RNGP_ANDROID_API_KEY
  3. Add android/gradle.properties the following line
# GOOGLE PLACES (we will replace this value DON'T COPY YOUR API KEY HERE)
RNGP_ANDROID_API_KEY=HiHackerNoMyKey

4 add the following lines in app/build.gradle inside defaultConfig

defaultConfig {
  buildConfigField("String", "RNGP_ANDROID_API_KEY", "\"${RNGP_ANDROID_API_KEY}\"")
}

in my case I'm using Appcenter as CI so I added this line if we are building in CI and my CI should have my APIKEY in my system/environment variable already setup

[buildConfigField("String", "RNGP_ANDROID_API_KEY", "\"${System.env.RNGP_ANDROID_API_KEY}\"")](url)

I hope this helps!!

janet-rivas avatar Aug 10 '19 03:08 janet-rivas

@janet-rivas With the changes you suggested, we will end up having the api key in BuildConfig file. Because that file can be decompiled to extract the keys, google shows us that error. As of now, only way to fix this is by restricting the key as mentioned in google's doc.

You can verify this by decompiling your app using http://www.javadecompilers.com/apk and check sources/you_app_package_name/BuildConfig.java

dhruv-toptal avatar Oct 17 '19 11:10 dhruv-toptal

@dhruv-toptal yes notice it too, after awhile I did the configuration it starting through me the warning again, I restricted the api key according the google doc using my Android and IOS app ID but this warning does not go away :(

janet-rivas avatar Oct 17 '19 13:10 janet-rivas

Having same issue. Referring in gradle.properties to environment variables doesn't work

Barukimang avatar Jan 15 '20 18:01 Barukimang