New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Security concern for Google Key #51

sandropoluan opened this Issue Jul 8, 2017 · 4 comments


None yet
5 participants

sandropoluan commented Jul 8, 2017

import Geocoder from 'react-native-geocoder'; // simply add your google key Geocoder.fallbackToGoogle(MY_KEY);
Is it save to put the KEY on javascript file (client side) ?
Will it not be readable by someone?


This comment has been minimized.

sibelius commented Jul 8, 2017

You can use react-native-dotenv and keep your keys outside the code


This comment has been minimized.

brunsy commented Aug 2, 2017

@sandropoluan, The app keys can still be reverse engineered. You will need to design your app with that in mind.


This comment has been minimized.

victorbadila commented Sep 11, 2017

to comment on this I think it is definitely not safe, however I don't think there is any alternative to this if you want to fallback to google api solely from the client app. the fallback thing is optional though, so up to each one whether they want to risk exposing their key or not. would adding this warning to the documentation be enough in order to close this issue?


This comment has been minimized.

gareys commented Jun 9, 2018

I know this is stale, but you have to place your API key in the client-side application for the client-side google maps api to work. That being said, they allow you to restrict access to IP addresses, referrer URLs and mobile apps. Client side maps API keys are everywhere, you just have to restrict access to them appropriately to avoid being exploited. See and

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment