How to Hide API and Secret Keys in Android Studio?
Last Updated :
15 May, 2021
API (Application Programming Interface) is a set of codes that helps in propagating information from one software or an application to the other. Tech companies create their software and APIs, which can be used to build new applications and features by their employees, making them private to use. However, some companies lease their APIs to third parties (can be other companies, developers, contributors) to implement features from their software in their projects, at some minimal cost and restricted use. So if you purchase or lease an API from a company, the company will provide you with an API key, which you must declare in your project to validate the API permission and access the features.
Why hide them? How can we hide them?
So it becomes crucial to hide API keys while using them to build applications as you have purchased or leased them. There are several ways of wrapping them within the application. We want to share with you an ethical way to secure your API key while building applications in Android Studio through this article. Refer to the flowchart below and try understanding the approach.
Approach
To hide a key, follow the steps below:
Step 1: Create a New Project in Android Studio
To create a new project in Android Studio please refer to How to Create/Start a New Project in Android Studio. We demonstrated the application in Kotlin, so make sure you select Kotlin as the primary language while creating a New Project.
Step 2: Go to the .gitignore file in the projects in the menu
In the left top corner of the Android Studio IDE, you will find a menu where you can view the same project in different views. Click it and select the project option.
Select the Project option in the menu
In the project option, you will find the Gradle folder in which you need to open the .gitignore file.
Click on the .gitignore file to open it
Step 3: Check if local.properties is listed in the .gitignore file
In the .gitignore file, check if local.properties is listed. .gitignore will ignore every file listed in it during the build.
Step 4: Go to local.properties file in the gradle folder and declare the API/Secret key
In the same gradle folder, you will find the local.properties file. Open it and declare the key as shown.
Step 5: Go to build.gradle in the app > src folder and append the following Google plugin
Now go to the build.gradle file and add the below plugin in the plugins as shown.
plugins {
id 'com.google.secrets_gradle_plugin' version '0.4'
}
After adding the plugin, click on the Sync Now option.
Step 6: Go to AndroidManifest.xml and create a meta-data
Now go to the AndroidManifest.xml file and declare a meta-data. Meta-data must be declared between the activity and application finishing tags.
XML
<application>
.
.
.
.
<activity>
.
.
.
.
</activity>
<meta-data
android:name = "keyValue"
android:value = "${KEY}"/>
</application>
|
Step 7: Go to MainActivity.kt and type in the below code to get the KEY value from the meta-data in AndroidManifest.xml
Add the following code in the main program to call the key. To check if the key is fetched, we will generate a toast displaying the key value.
Kotlin
package com.geeksforgeeks.hidingapikeysandroid
import android.content.pm.ApplicationInfo
import android.content.pm.PackageManager
import android.os.Bundle
import android.widget.Toast
import androidx.appcompat.app.AppCompatActivity
class MainActivity : AppCompatActivity() {
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
setContentView(R.layout.activity_main)
val ai: ApplicationInfo = applicationContext.packageManager
.getApplicationInfo(applicationContext.packageName, PackageManager.GET_META_DATA)
val value = ai.metaData["keyValue"]
val key = value.toString()
Toast.makeText(applicationContext,key,Toast.LENGTH_LONG).show()
}
}
|
XML
<?xml version="1.0" encoding="utf-8"?>
<androidx.constraintlayout.widget.ConstraintLayout
android:layout_width="match_parent"
android:layout_height="match_parent"
tools:context=".MainActivity">
<TextView
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="GeeksforGeeks"
app:layout_constraintBottom_toBottomOf="parent"
app:layout_constraintLeft_toLeftOf="parent"
app:layout_constraintRight_toRightOf="parent"
app:layout_constraintTop_toTopOf="parent" />
</androidx.constraintlayout.widget.ConstraintLayout>
|
Output:
Screenshot when the program runs
We are able to see a Toast with the same key value. This means everything worked fine and we could successfully fetch the key. Now we can use the key validating the API and implement its features.
Similar Reads
How to Create/Start a New Project in Android Studio?
After successfully installing the Android Studio and opening it for the first time. We need to start with some new projects to start our journey in Android. In this article, we will learn about How to Create a New Project in Android Studio. Steps to Create/Start a New Android Project in Android Stud
2 min read
How to Make a Meme Sharing App in Android Studio?
Pre-requisites: Android App Development Fundamentals for BeginnersGuide to Install and Set up Android StudioAndroid | Starting with first app/android projectAndroid | Running your first Android app In this article, we will learn how to create an app using Kotlin where memes will be fetched from Redd
5 min read
How to Change the API SDK Level in Android Studio?
Generally, API level means the Android Version. This determines which version the developers are targeting their application and what is going to be the minimum level of the android version in their application will run. For setting the Minimum level and Maximum level android studio provides two ter
2 min read
How to Generate SHA1, MD5, and SHA-256 Keys in Android Studio?
SHA1, MD5, and SHA-256 are cryptographic functions that will convert your input to 160 bit (20 bytes) value. It is a secure key that is used to store very important data. In Android SHA1, MD5 and SA-256 keys are very important. If you want to add external APIs from Google such as Maps and other exte
3 min read
How to Generate Signed Apk in Android Studio?
Signed Apk generates a key and this key can be used to release versions of the app, so it is important to save this key which will be used when the next version of the app is released. The Android system needs that all installed applications be digitally signed with a certificate whose private key i
3 min read
How to Create Admin & Client App in One Project Using Android Studio?
You all must know about projects in which two applications are required one for the client and the other for the admin. Here we will see how we can implement both the applications under a single project in android studio. Let us see the step-by-step implementation of this procedure. Step by Step Imp
2 min read
How to Create Menu Folder & Menu File in Android Studio?
Menus are the common user interface component in almost all the application. This interface provides a few options from which the user can select an option. There are 3 types of menu types available in Android: Options menu and app barContext menu and contextual action modePopup menuHow to define Me
3 min read
How to Reset Android Studio?
Android Studio Reset, means to reset all the settings to factory(default) settings. The reset will remove all of your android studio settings, projects, and also all the Gradle files. This will make your android studio looks like a newly fresh installed software. It is recommended to make a backup o
2 min read
How to Generate Signed AAB File in Android Studio?
In this article, you will learn how to create an Android App Bundle (AAB) file for an Android app. An Android App Bundle is a publishing format that includes all your app’s compiled code and resources. Your application should be digitally signed with a key in order to publish it on the Google Play s
2 min read
How to Create a New Fragment in Android Studio?
Android Studio is the official integrated development environment for Google's Android operating system, built on JetBrains' IntelliJ IDEA software and designed specifically for Android development. You can Develop Android App using this. Here, We are going to learn how to create a new Fragment in A
2 min read