Security Vulnerability - "GCP API Keys Exposed in App" after integrating Firebase Storage
I integrated the Firebase Unity SDK v8.7.0 for Firebase Storage and confirmed it works, but after setting it up per their documentation (https://firebase.google.com/docs/storage/unity/start) I got a security vulnerability failure, "GCP API Keys Exposed in App": This appears to be due to the 'google-services.json' file that Firebase provides when you set up your project. Firebase asks you to put this file anywhere in your unity project. This file does contain an API key. But according to Firebase, it is "used when calling certain APIs that don't need to access private user data" and Firebase requires this key to work. See here: https://firebase.google.com/docs/projects/learn-more#config-files-objects How can this issue be fixed so that my app passes the security vulnerability test?Security Vulnerability: "Unsafe HostnameVerifier Defined" - How to fix?
Hello! In my Unity VR app, I recently got a security vulnerability test failure: "Unsafe HostnameVerifier Defined". In previous security tests, this did not happen and I haven't changed any networking related code, but now I am getting this failure. Nowhere in my C# code is there any mention of HostnameVerifier (I searched the entire solution in Visual Studio) and because it mentions java, I assume this is a java-related issue due to one of the SDKs I'm using, but I am not sure how to track it down and fix it. The two suspect SDKs I'm using are Firebase Unity SDK (for cloud storage) and DeltaDNA (for analytics). But I'm not sure how to fix this. Does anyone know how to solve this issue?
