Security Vulnerability - "GCP API Keys Exposed in App" after integrating Firebase Storage

I integrated the Firebase Unity SDK v8.7.0 for Firebase Storage and confirmed it works, but after setting it up per their documentation (https://firebase.google.com/docs/storage/unity/start) I got a ...

Firebase

issue

SDK

vulnerability

RaptorMatt
4 years ago
For anyone who had the same issue, this is fixed by going into the Google Cloud Console, navigating to APIs & Services > Credentials > API Keys, and changing the restrictions on each key to "Android apps". You will need to enter your package name and SHA1 fingerprint.

To extract your SHA1 fingerprint from your keystore file, use the command line "keytool" app. Open a command prompt as administrator, change the directory to C:\Program Files\Java\jdk1.8.0_301\bin (or whatever jdk version you have), and then run: keytool -exportcert -keystore "[FILEPATH TO YOUR KEYSTORE]" -list -v

You'll need to enter your password, then it should pop out your SHA1, which you enter into the Google Cloud Console to restrict your API keys to Android apps.

Forum Discussion

🚨 This forum is archived and read-only. To submit a forum post, please visit our new Developer Forum. 🚨

Security Vulnerability - "GCP API Keys Exposed in App" after integrating Firebase Storage

Quick Links

Other Meta Support

Related Content

Vulnerability tests are not running

Security Vulnerability: "Unsafe HostnameVerifier Defined" - How to fix?

Oculus Integration 31.0 Passthrough API does not work

hardware tracking integration

Oculus Integration asset necessary?