GCM Google-services.json storing api key - google-cloud-messaging

I am implementing GCM with android client and according to the google documentation I need to download the google-services.json and add it to the module. I notice that the google-services.json contains the api key for the project. Is it wise to include the api key in the project?
In my scenario I have to use GCM with android using AWS, in the aws documentation they are simply adding the project number for registration
http://docs.aws.amazon.com/sns/latest/dg/mobile-push-gcm.html
But in android studio when I add dependency in the build.gradle I am getting compilation error for missing google-services.json.
com.google.gms:google-services:
so my question is there a way I can skip the google-services.json in the android studio project? and if not then is it wise to include the api key in that file?
Thanks
P

As have been discussed in this thread, "google-services.json contains developer credentials and configuration settings, which is needed to verify while connecting with GoogleApiClient". However, it was also mentioned that GCM has been used before without google-services.json .

Related

Flutter REST API Security

I'm using REST API key in my flutter project in lib folder so is there any chance for someone to decompile the apk and see my API key? Is it secured?
Can a user decompile the apk and get rest api key and write into my database by postman or sth like that?
If you don't share your APK which is generated in debug mode, it won't be easy to access your API key. You should always consider building your APK in release mode. And you can obfuscate your APK too.

Generate google-services.json for firebase via API

Since we've upgraded from GCM to FCM we have a problem because the app suddenly needs a custom google-services.json and I don't seem to find a API or cli tool which enables me to add new apps and generate a new file.
Has someone found a way to automate this?
There is currently no API to generate a google-services.json. You can download it from your Firebase Console by selecting your project and then clicking to manage your Android app.

Does upgrading GCM preserve the current API Key in use?

I am upgrading a project that has an older version of GCM (7.5) to the latest version of GCM (9.2). The current project already has a server API key and that key is in use to send push notifications to current users of the app. My specific question is if we generate the JSON configuration file for the current app with it re-create(create a new API key) or over-write the current API key we have in use? We would like to avoid having to do that if possible.
Thank you in advance for any clarity that can be provided.
I haven't experienced upgrading a lower version of GCM to a higher version, but to test this out, I tried importing a Google Project to the Firebase Console (so its like GCM to FCM), keeping in check the current Server Key.
After successfully importing the project to Firebase, the Server Key from before is retained, and can be seen being used in the Firebase Console. So I think the same behavior can also be expected when upgrading a lower GCM version to a higher version.
I also don't see why the Server API key would re-generate if the GCM project is upgraded.
Though I'm not entirely sure. Hope this helps somehow. Cheers!

Google-cloud-messaging key not visible in console

In my app gcm server key that is being used on server is not visible on google developer console.
Hence when i am trying to use google-services.json approach to integrate analytics its resulting in creating new key and project id.
how do i get google-services.json file for existing project.
Follow this link to get a configuration file to add to your project. The configuration file provides service-specific information for your app. To get it, you must select an existing project for your app. Check this documentation.

Changing Android API Key for GCM

I have inherited a GCM application to send messages to android phones. We have an Android API Key set up that may have been compromised. I would just like to ensure that I change it in a way that doesn't break the apps that are currently running.
I think what I do is:
Create a new Android API Key here: https://console.developers.google.com/project/my-project-name/apiui/credential
Delete the existing Android API Key
As I understand it from the docs, when I create my new API Key from the last apk generated, the SHA1 I used to generate it, along with the package name, should match up to my already-deployed android apps. I should not need to re-upload an apk.
Is that correct?
Thanks!
Yes and no.
YES, if you are using OAuth 2.0, which depends only on the SHA1 and package name;
NO, if you are using API key, which usually require you to place your key in your manifest file.