GCP API keys exposed in app

Question

Hey folks, our app recently started failing security vulnerabilities testing due to "GCP API keys exposed in app", implying that somewhere in code is a hardcoded web client API key.&nbsp; However, I haven't been able to locate any such issue in our app.&nbsp; Is there a way to run these security checks locally or get more information on where or what exactly the exposed key(s) are?

andrew_recroom · Accepted Answer

I was able to determine that these failures come from some Firebase config files used on other platforms.&nbsp; I can remove those configs from Oculus builds (which don't use Firebase), but that won't actually plug the security hole, as it will still be exposing those keys on the platforms that do use Firebase.&nbsp; Seems like this is a Firebase problem now and not an Oculus one.

Forum Discussion

🚨 This forum is archived and read-only. To submit a forum post, please visit our new Developer Forum. 🚨

GCP API keys exposed in app

1 Reply

Quick Links

Other Meta Support

Related Content

Security Vulnerability - "GCP API Keys Exposed in App" after integrating Firebase Storage

Lost google authenticator key

ArgumentException: An item with the same key has already been added. Key: Assembly-CSharp

GCP API keys hard coded in the app

Game Keys