Leakage of a Google API key

tanishq5414 / Companion

Companion App is a mobile application built using Flutter, Node.js, and Supabase. It allows students to easily organize and share digital documents among a community of people. Students can rate the quality of digital documents shared and have all their notes present under one application.

https://play.google.com/store/apps/details?id=com.lightheads.companion.app

9 stars 4 forks source link

Leakage of a Google API key #16

Closed V31L0x1 closed 1 year ago

V31L0x1 commented 1 year ago

The Google API Key is being leaked.

Try to encrypt it or follow some obfuscation.

Along with Api Key some other information is also being exposed in lib/firebase_options.dart File

It is also reflected in the Android application strings file

kaamilmirza commented 1 year ago

Yes, pretty bad oversight. Will fix it.

kaamilmirza commented 1 year ago

If you want to create a pull request that solves this issue (you can use any package), I'll refresh the keys and send them over to you via a secure channel if you want to test and push. @V31L0x1

V31L0x1 commented 1 year ago

Sure