API Key should not be stored in git

Question

API Key should not be stored in git

Closed this issue 2 years ago · 1 comments

See HttpClient.kt

Answer 1 · 2022-10-24T21:22:56.000Z

Well, that's basically a publicly available piece of information. It is the authentication user&password that all installations of "Muoversi in Trentino" use to connect to the underlying service, and a malicious actor would be able to find it anyway by looking inside "Muoversi in Trentino"'s APK for a couple of minutes. Also, in order to publish this app on F-Droid every part of the code needs to be open source, so the authentication should be, too.