本文是小编为大家收集整理的关于如何在反编译apk中获得Google-Service.Json文件?的处理/解决方法,可以参考本文帮助大家快速定位并解决问题,中文翻译不准确的可切换到English标签页查看源文。
问题描述
我想知道,在Android APK上进行反向工程时,可以获得google-service.json文件.因为在Firebase中,Google-Service JSON文件包含项目的所有键.
推荐答案
JSON文件不包含在您的APK中,发生的是您的Google/Firebase Gradle插件读取JSON文件并将其插入string资源文件中. 但是,通过使用apktool之类的工具,通过Reverese工程APK,任何人都可以访问这些资源文件,包括您的字符串资源文件和您放入Java代码中的原始字符串.
如果您对APK进行了反编译,则将从字符串资源文件中获取这些secret详细信息.
<string name="google_api_key">your key</string> <string name="firebase_database_url">firebase db url</string>
如果添加了firebase ACL,则只有授权的用户才能访问 数据以及您使用的密钥只能与APK一起使用 与您的密钥库签名(确保您生成的sha1哈希 Android App的Firebase控制台)
问题描述
I want to know that is it possible to get google-service.json file when reverse engineering on android apk. Because in firebase Google-Service json file contain all keys of project.
推荐答案
JSON file is not included in your APK, what happens is your google/firebase Gradle plugin reads the JSON file and inserts it in string resource file. But by reverese engineering an apk using tools like apktool, anyone can access these resource files including your string resource file and raw string you put in your java code.
If you decompile the APK, you will get these secret details from string resource files.
<string name="google_api_key">your key</string> <string name="firebase_database_url">firebase db url</string>
if you added firebase ACL, only authorized user can access the data, and also the key you are using can only be used with apk that signed with your keystore ( make sure sha1 hash you generated in firebase console for android app)
EDIT: For details on acl or protecting your firebase database operations see here
更多相关问答
联系站长