2

While decompiling an APK file for Android, I have found an io.fabric.ApiKey key and value stored in manifest file.

My questions are:

  1. Can we use the API key with malicious intends?

  2. Is it ok to be stored in manifest file?

Improve this question
0

1 Answer 1

Reset to default
3

The worst you can probably do is forging analytics data. Then again there's no way to generate a key per install (and even if there was this could be spoofed too). So yes you can abuse it, but the only way to secure it is probably by not doing crashanalytics at all.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .