Closed mg6maciej closed 7 years ago
Hi, Sorry, only just saw this question.
The latest Google Play Services SDK actually requires an API key as part of the call to the attest() function. We have just updated the Android sample code to include an API key and we'll be updating the documentation shortly as well.
@jfschmakeit What would be the reason to require it in client? How would you stop someone from getting the key from compiled APK and using it to do verify (https://www.googleapis.com/androidcheck/v1/attestations/verify) requests on my behalf in some other context?
I have a API key for google maps can i use that API key for safetynet.?
Thanks.
In the documentation (https://developer.android.com/training/safetynet/attestation.html#add-api-key) it is suggested to use API key, but this sample doesn't use it and does not mention its use in client app. In this repo use of API key is only mentioned when doing online verification on the server, which is also mentioned in the documentation.
So the question is if this API key should be used or should not be used in Android app? Also found it unanswered on StackOverflow.