I am using HERE Maps Premium SDK 3.15, and the documentation says to set the id, token, and license in the Android manifest file. I set the id, token, and license in build.gradle as manifest placeholders and put them in AndroidManifest.xml like below.
<!-- Here Maps -->
<meta-data android:name="com.here.android.maps.appid"
    android:value="${here_map_app_id}"/>
<meta-data android:name="com.here.android.maps.apptoken"
    android:value="${here_map_app_code}"/>
<meta-data android:name="com.here.android.maps.license.key"
    android:value="${here_map_licence_key}"/>
My project ran into static code analysis, and one of the findings is "Hard-Coded Secret Tokens Present in Application Code". It means I keep the HERE Maps credentials in build.gradle, and that's not OK.
My question is: where should I keep these credentials, and is there a way to set up the HERE Maps SDK programmatically instead of through AndroidManifest.xml (in case I do not keep them in the project and retrieve them from the backend)?
No, you cannot programmatically alter the manifest file or resources except by Gradle injection. According to HERE Maps (https://developer.here.com/documentation/android-premium/3.15/dev_guide/topics/credentials.html), there is only one way to set the credentials; however, you can take some security measures, see https://stackoverflow.com/a/46475968/8461344
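One way to do the Gradle injection mentioned in the answer without writing the values into build.gradle, as an added example (not code from the original post or from HERE). It assumes an untracked local.properties file or CI environment variables; the key names HERE_MAP_APP_ID, HERE_MAP_APP_CODE and HERE_MAP_LICENCE_KEY are hypothetical, while the placeholder names are the ones used in the question's manifest.

```groovy
// app/build.gradle (added example)
// Assumption: local.properties is listed in .gitignore and holds the three
// keys below; CI exports environment variables with the same names.
// The key names are hypothetical, chosen for this example.

def localProps = new Properties()
def localPropsFile = rootProject.file('local.properties')
if (localPropsFile.exists()) {
    localPropsFile.withInputStream { localProps.load(it) }
}

// Resolve a credential from the environment first, then from local.properties.
// Fail the build rather than package an empty placeholder value.
def hereCredential = { String key ->
    def value = System.getenv(key) ?: localProps.getProperty(key)
    if (!value?.trim()) {
        throw new GradleException(
            "Missing ${key}: set it in the environment or in local.properties")
    }
    return value.trim()
}

android {
    defaultConfig {
        // Same placeholder names as the <meta-data> entries in the manifest.
        manifestPlaceholders = [
            here_map_app_id     : hereCredential('HERE_MAP_APP_ID'),
            here_map_app_code   : hereCredential('HERE_MAP_APP_CODE'),
            here_map_licence_key: hereCredential('HERE_MAP_LICENCE_KEY')
        ]
    }
}
```

This keeps the values out of source control, which is what the static-analysis finding points at; they are still merged into the packaged AndroidManifest.xml and can be read from the APK.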