skip to Main Content

I’m looking for the best practices to securely store the Google Play Store API key in my application. Since this key is a sensitive piece of information, I want to ensure that it’s kept safe and protected from unauthorized access, whether it’s during development, within the app’s runtime, or during deployment. I’m particularly interested in understanding the most effective storage methods that can prevent reverse engineering or unauthorized access, especially considering the vulnerabilities in mobile environments. Could anyone recommend the most secure and reliable approach or storage location for this key, along with any additional precautions I should take to enhance security?

2

Answers


  1. The most security data storage on iOS application is by using KeyChain SDK https://developer.apple.com/documentation/security/keychain-services and on the Android application is by using KeyStore https://developer.android.com/privacy-and-security/keystore, there is a wrapper for the both platforms in Flutter, that is flutter_secure_storage https://pub.dev/packages/flutter_secure_storage.

    KeyChain on iOS and KeyStore on Android are quite secure even if the app will be reversed engineering.

    Login or Signup to reply.
  2. The signing key is not included in the apk file that a user would download. Just put your key somewhere in your repo so you dont lose it and thats enough

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search