This solution does not add any security at all. The config field you declare in the gradle file will end up in a constant string in the final apk. It takes seconds to decompile the APK and do a search by the text "API" and you get the key. Obfuscation does not help as well. The string values can not be obfuscated. I'm also looking for real solution for this problem but unfortunately haven't found one.
Thank you Younes, for my side I store the API in Firestore and use App Check to restrict calls to within the app. When retrieving the value from Firebase, it is automatically decrypted and then encrypted using Keystore, but I'm still getting some issue with the App Check could you please make a video about it, and how we implement it properly.
This solution does not add any security at all. The config field you declare in the gradle file will end up in a constant string in the final apk. It takes seconds to decompile the APK and do a search by the text "API" and you get the key. Obfuscation does not help as well. The string values can not be obfuscated.
I'm also looking for real solution for this problem but unfortunately haven't found one.
I prefer to use the NDK to store and retrieve API Keys. It better to not use "The only way" in your UA-cam title.
Actually I was looking for it and I got film "30 sec ago ", Thank you in advance
local properties not secure. this approach has 5% secure.
Thank you Younes, for my side I store the API in Firestore and use App Check to restrict calls to within the app. When retrieving the value from Firebase, it is automatically decrypted and then encrypted using Keystore, but I'm still getting some issue with the App Check could you please make a video about it, and how we implement it properly.
Inshallah Sure
By your solution a hacker just need 5 minutes to find the key in apk.
Really? which solution do you mean?