我打算制作一个使用Google Maps API的应用。我们都知道搜索等不是免费的。
此API KEY需要保存在应用程序代码中,可以进行逆向工程和提取。
如果有人使用僵尸网络+我的apk文件来排空我的Google地图帐户怎么办?
如果您的API密钥不受限制,您可以看到$$高额账单。
要限制它,请按照以下步骤操作:
设置API密钥的应用程序限制
Visit the credentials panel.
Select the API key that you want to set a restriction on. The API key property page appears.
Under Key restrictions, select Application restrictions.
Select one of the restriction types and supply the requested information following the restriction list.
Android apps
Add your package name and SHA-1 signing-certificate fingerprint to restrict usage to your Android app.
Below the types, add the SHA-1 signing-certificate fingersprint and your Android package name from your AndroidManifest.xml file.
iOS apps
Accept requests from the iOS app with the bundle identifier that you supply.
Below the types, select the appropriate iOS bundle identifier from the list.
Click Save.
The restriction becomes part of the API key definition after this step. If you fail to provide the appropriate details or do not click “Save”, the API key will not be restricted.