Enforce API key restrictions for Android consumers
Closed this issue · 0 comments
Is your feature request related to a problem? Please describe.
Since inception, the google-maps-services-java library has discouraged Android developers from including this library in their app due to unrestricted API keys being packaged as part of an APK (see Intended Usage of this Library). This feature request is related to signing all network calls made to Google Maps Platform when this library is consumed on Android so that API key restrictions can be applied and enforced thereby improving security for Android consumers.
Describe the solution you'd like
In the default GeoApiContext builder, implement an OkHttp interceptor that will modify requests by adding API key restriction-related headers to network call when the library detects that it is being used within Android. This check can be performed via reflection by detecting the existing of an Android-specific class such as android.content.Context.
Describe alternatives you've considered
Alternatives:
- Do nothing wrt Android security
- Create a separate Android-specific SDK
- Create an authentication-specific artifact that will be consumed only by Android developers.
Additional context
N/A