FaridSafi / react-native-google-places-autocomplete

Customizable Google Places autocomplete component for iOS and Android React-Native apps
MIT License
2.01k stars 854 forks source link

Question: session IDs and API key security #805

Open thesanjeevsharma opened 2 years ago

thesanjeevsharma commented 2 years ago

Describe the problem

I want to know 2 things:

  1. Does this package manage session IDs(for low cost) automatically?
  2. This package makes an XHR request, which can be seen by anyone. API KEY will be passed into the request. Is there a way to protect/restrict it?
beydogan commented 1 year ago

This library is basically unusable as it is since anyone can decompile the app or sniff the requests to obtain API Key and can cost you $$$$$ by using your key, it might be already too late when you realize. You cannot even rotate keys that easily if you just hardcode the keys in your app because it will stop working for old users...