Xcode: Hide GoogleService-Info.plist when Building IPA iOS
Im new to Flutter and iOS, and Im currently building a Flutter IOS with Firebase Cloud Messaging integrated into the application. I have a GoogleService-Info.plist for two flavors (UAT and Production) in my Xcode Runner project. However, during a recent penetration testing, one of the findings is the penetration tester could see the API Key in the GoogleService-Info.plist from built the IPA file. Is there any way I can hide the GoogleService-Info.plist so no one can see the GoogleService-Info.plist contents after I built the IPA file? Attached is screenshot of the file structure of the Xcode runner:
Typically there is no way to do it
But I think Google still uses this approach because actually, this file doesn't need to be secured, see the image attached below
So if someone can get it, no security leak -> no need to worry about this file
More details https://firebase.google.com/docs/projects/api-keys
If you would like to have more secure on firebase data access, refer to https://firebase.google.com/docs/projects/api-keys#apply-restrictions
- Errors Launching Flutter app in iOS Simulator
- Emulator Only Appears in Taskbar and Not on Screen When Launched from VS Code
- How to debug Flutter app that starts from a killed / terminated state , eg receiving an FCM message?
- How to view Flutter debug console output for a release version of the app?
- Target debug_ios_bundle_flutter_assets failed:
- flutter doctor --android-licenses gives a java error
- CocoaPods could not find compatible versions for pod "Firebase/CoreOnly"
- what should I do to change the MACOSX_DEPLOYMENT_TARGET when build flutter macos app
- How to vertically center widgets in a Row and separate them with dots in Flutter?
- Can a flutter web app be deployed on hostinger?
- "Swift Compiler Error (Xcode): Method does not override any method from its superclass" error after updating Xcode
- Riverpod - How to access a provider in a test?
- Alert + Data FCM message does not always trigger FirebaseMessaging.onMessage on iOS
- Adjust size of DropdownButton in Flutter
- Execution failed for task ':app:signReleaseBundle'
- Flutter Sqlite Exception,No such table, SQL logic Error
- Flutter debug Apk decompile to get the source code
- How to import platform specific dependency in Flutter/Dart? (Combine Web with Android/iOS)
- Difference between context.mounted and mounted in flutter
- Invalid depfile: Flutter
- Flutter : image assets are not showing in android build
- Flutter Firebase Query: whereIn filter returning 0 posts
- How I can Detect Developer options enable or disable in flutter?
- google_sign_in plugin: PlatformException(sign_in_failed, com.google.android.gms.common.api.ApiException: 10: , null)
- How do I stack widgets overlapping each other in flutter
- Unhandled Exception: PlatformException(channel-error, Unable to establish connection on channel., null, null)
- Flutter: Benefit of passing DefaultFirebaseOptions.currentPlatform to Firebase.initializeApp()?
- is there any way to cancel a dart Future?
- How can I get the latitude and longitude bounds of the CarPlay POI template map screen?
- Bad state: Stream has already been listened to compression progress listener