The server key stays in the code, so if someone decompiles the source eventually they can see the key even with proguard on i believe. How can i get proguard to obfuscate this or at least optimize the obfuscation.
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
The server key stays in the code, so if someone decompiles the source eventually they can see the key even with proguard on i believe. How can i get proguard to obfuscate this or at least optimize the obfuscation.
You have no problem here. There are two “keys”, the senderId (which belongs in the Android Code) and your API Key.
The senderId in the App only states from which server the APP will allow receiving messages. There is no way someone can exploit this to send messages.
The API Key should be kept secret. This is the key used in the server to identify at the GCM Server. This key should NOT in any case be in the source of your app.
So i suggest you carefully re-read the GCM Guide in order to understand the complete relations.