API Key should not be stored in git
Closed this issue · 1 comments
daniel-reinhold commented
See HttpClient.kt
Stypox commented
Well, that's basically a publicly available piece of information. It is the authentication user&password that all installations of "Muoversi in Trentino" use to connect to the underlying service, and a malicious actor would be able to find it anyway by looking inside "Muoversi in Trentino"'s APK for a couple of minutes. Also, in order to publish this app on F-Droid every part of the code needs to be open source, so the authentication should be, too.