Hi,
I am playing around with google maps on my mobile app and wondered what others do regarding securing (or hiding) their javascript maps API key?
At the moment it can be seen on the page source. This will be harder when the app is installed on a mobile but I know Android APK’s can be picked apart so it would be very easy to extract the API key (not sure about iOS apps).
I know I can restrict the services a key accesses and also only allow from a specific URL but not sure how I would do that with a mobile app.
I could store the key on my server and retrieve it with an API call (either at app launch or page level) and I could even encode the key in the app (but then the code to extract would still also be in the app.
Has anyone else overcome this issue (or even ignored it if I am being too paranoid)?
Thanks, Paul.
