googleads-mobile-android-examples icon indicating copy to clipboard operation
googleads-mobile-android-examples copied to clipboard
verified publisher icon googleads

[Security] Leaked GCP API Keys

Open Mercandj opened this issue 1 year ago • 0 comments

Hello, thks for your great work.

After releasing on the PlayStore, the pre-launch report is detecting a leaked GCP API Key from library: com.google.android.gms:play-services-ads-lite:23.0.0@aar

Screenshot 2024-05-04 at 08 51 54

Decompiled code is "available" here and seems to show: "gads:safe_browsing:api_key", "AIzaSyDRKQ9d6kfsoZT2lUnZcZnBYvH69HExNPE"

On the play-services-ads-lite:23.0.0 version, the issue seems to come from the com.google.android.gms.internal.ads.zzbii class:

Screenshot 2024-05-04 at 09 00 08

Proposition to hide the secret: get it from backend, AES, or the Google library secrets-gradle-plugin.

Related issues:

  • https://github.com/googleads/googleads-mobile-flutter/issues/622

Thks for your great sample and feel free to tell me if this issue is not related to the sample so should be open on another repository.

Mercandj avatar May 04 '24 07:05 Mercandj