Open in app

Sign in

Write

Sign in

…ctual value of the API_KEY will be retrieved from the gradle.properties file during the build time. It doesn’t exist in runtime or inside your APK.

How to Safely Store Credentials in Android Projects Using gradle.properties
263
7

Clint Paul

Lam Pham
Jan 22, 2021

this is not true.

BuildConfig is a java file like all others, so it's also packaged within the apk.

Reverse the apk and you will see your API_KEY there.

using gradle.properties to store secret keys and hardcoding them in code are somehow the same thing in term of security.

Sign up to discover human stories that deepen your understanding of the world.

Free

Distraction-free reading. No ads.

Organize your knowledge with lists and highlights.

Tell your story. Find your audience.

Membership

Read member-only stories

Support writers you read most

Earn money for your writing

Listen to audio narrations

Read offline with the Medium app

Lam Pham
Lam Pham

Written by Lam Pham

151 Followers
33 Following

Software Engineer

Responses (1)

Write a response

What are your thoughts?

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams