How to Hide API and Secret Keys in Android Studio?
Last Updated :
15 May, 2021
API (Application Programming Interface) is a set of codes that helps in propagating information from one software or an application to the other. Tech companies create their software and APIs, which can be used to build new applications and features by their employees, making them private to use. However, some companies lease their APIs to third parties (can be other companies, developers, contributors) to implement features from their software in their projects, at some minimal cost and restricted use. So if you purchase or lease an API from a company, the company will provide you with an API key, which you must declare in your project to validate the API permission and access the features.
Why hide them? How can we hide them?
So it becomes crucial to hide API keys while using them to build applications as you have purchased or leased them. There are several ways of wrapping them within the application. We want to share with you an ethical way to secure your API key while building applications in Android Studio through this article. Refer to the flowchart below and try understanding the approach.
Approach
To hide a key, follow the steps below:
Step 1: Create a New Project in Android Studio
To create a new project in Android Studio please refer to How to Create/Start a New Project in Android Studio. We demonstrated the application in Kotlin, so make sure you select Kotlin as the primary language while creating a New Project.
Step 2: Go to the .gitignore file in the projects in the menu
In the left top corner of the Android Studio IDE, you will find a menu where you can view the same project in different views. Click it and select the project option.
Select the Project option in the menu
In the project option, you will find the Gradle folder in which you need to open the .gitignore file.
Click on the .gitignore file to open it
Step 3: Check if local.properties is listed in the .gitignore file
In the .gitignore file, check if local.properties is listed. .gitignore will ignore every file listed in it during the build.
Step 4: Go to local.properties file in the gradle folder and declare the API/Secret key
In the same gradle folder, you will find the local.properties file. Open it and declare the key as shown.
Step 5: Go to build.gradle in the app > src folder and append the following Google plugin
Now go to the build.gradle file and add the below plugin in the plugins as shown.
plugins {
id 'com.google.secrets_gradle_plugin' version '0.4'
}
After adding the plugin, click on the Sync Now option.
Step 6: Go to AndroidManifest.xml and create a meta-data
Now go to the AndroidManifest.xml file and declare a meta-data. Meta-data must be declared between the activity and application finishing tags.
XML
<application>
.
.
.
.
<activity>
.
.
.
.
</activity>
<meta-data
android:name = "keyValue"
android:value = "${KEY}"/>
</application>
Step 7: Go to MainActivity.kt and type in the below code to get the KEY value from the meta-data in AndroidManifest.xml
Add the following code in the main program to call the key. To check if the key is fetched, we will generate a toast displaying the key value.
Kotlin
package com.geeksforgeeks.hidingapikeysandroid
import android.content.pm.ApplicationInfo
import android.content.pm.PackageManager
import android.os.Bundle
import android.widget.Toast
import androidx.appcompat.app.AppCompatActivity
class MainActivity : AppCompatActivity() {
override fun onCreate(savedInstanceState: Bundle?) {
super.onCreate(savedInstanceState)
setContentView(R.layout.activity_main)
val ai: ApplicationInfo = applicationContext.packageManager
.getApplicationInfo(applicationContext.packageName, PackageManager.GET_META_DATA)
val value = ai.metaData["keyValue"]
val key = value.toString()
Toast.makeText(applicationContext,key,Toast.LENGTH_LONG).show()
}
}
<!--There's nothing to change in the front-end-->
<?xml version="1.0" encoding="utf-8"?>
<androidx.constraintlayout.widget.ConstraintLayout
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:app="http://schemas.android.com/apk/res-auto"
xmlns:tools="http://schemas.android.com/tools"
android:layout_width="match_parent"
android:layout_height="match_parent"
tools:context=".MainActivity">
<TextView
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:text="GeeksforGeeks"
app:layout_constraintBottom_toBottomOf="parent"
app:layout_constraintLeft_toLeftOf="parent"
app:layout_constraintRight_toRightOf="parent"
app:layout_constraintTop_toTopOf="parent" />
</androidx.constraintlayout.widget.ConstraintLayout>
Output:
Screenshot when the program runs
We are able to see a Toast with the same key value. This means everything worked fine and we could successfully fetch the key. Now we can use the key validating the API and implement its features.
Similar Reads
How to Create/Start a New Project in Android Studio?
After successfully installing the Android Studio and opening it for the first time. We need to start with some new projects to start our journey in Android.In this article, we will learn about How to Create a New Project in Android Studio.Steps to Create/Start a New Android Project in Android Studio
2 min read
How to Change the API SDK Level in Android Studio?
Generally, API level means the Android Version. This determines which version the developers are targeting their application and what is going to be the minimum level of the android version in their application will run. For setting the Minimum level and Maximum level android studio provides two ter
2 min read
How to Generate SHA1, MD5, and SHA-256 Keys in Android Studio?
SHA1, MD5, and SHA-256 are cryptographic functions that will convert your input to 160 bit (20 bytes) value. It is a secure key that is used to store very important data. In Android SHA1, MD5 and SA-256 keys are very important. If you want to add external APIs from Google such as Maps and other exte
3 min read
How to Generate Signed Apk in Android Studio?
Signed Apk generates a key and this key can be used to release versions of the app, so it is important to save this key which will be used when the next version of the app is released. The Android system needs that all installed applications be digitally signed with a certificate whose private key i
3 min read
How to Speed Up Gradle build in Android Studio?
Gradle is one of the most important files or extensions that are present in the Android Project. Gradle handles all the libraries and application IDs and many important components of any Android application. Every time when we run our application or we build our apk we will get to see the message as
4 min read
How to Create Admin & Client App in One Project Using Android Studio?
You all must know about projects in which two applications are required one for the client and the other for the admin. Here we will see how we can implement both the applications under a single project in android studio. Let us see the step-by-step implementation of this procedure. Step by Step Imp
2 min read
How to Create Interfaces in Android Studio?
Interfaces are a collection of constants, methods(abstract, static, and default), and nested types. All the methods of the interface need to be defined in the class. The interface is like a Class. The interface keyword is used to declare an interface. public interface AdapterCallBackListener { void
4 min read
How to Generate Signed AAB File in Android Studio?
In this article, you will learn how to create an Android App Bundle (AAB) file for an Android app. An Android App Bundle is a publishing format that includes all your app’s compiled code and resources. Your application should be digitally signed with a key in order to publish it on the Google Play s
2 min read
How to Add Capabilities to Shortcuts in Android 13?
Shortcuts have been an integral part of Android Apps, almost every app we use has shortcuts that facilitate main activity opening with various time-savers, which turn out to be great time savers. Over the years this experience has greatly improved, and now we can add even more capabilities to our ap
4 min read
How to Create a New Fragment in Android Studio?
Android Studio is the official integrated development environment for Google's Android operating system, built on JetBrains' IntelliJ IDEA software and designed specifically for Android development. You can Develop Android App using this. Here, We are going to learn how to create a new Fragment in A
2 min read