Google Maps API key stored as plain text leading to DOS and financial damage
Medium
Zenly
Team Summary
Official summary from Zenly
The researcher highlighted the fact that the Google Maps API key (which is by design easily retrievable from the .apk) was missing some restrictions. It then could be used by anyone to query the Google Static Map API, and possibly lead to financial damage. Resolved by enforcing missing restrictions.
Reported by
sdushantha
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Bounty
$750.00
Submitted
Weakness
Cleartext Storage of Sensitive Information