Hacker News new | ask | show | jobs
by berg43w2t3t 3234 days ago
I think it might be relevant, this seems to indicate that google is hardcoding their API keys in the shipped chrome binaries. These exceeded, and broke functionality in the app. This seems like a bad security practice and it is very relevant to call it out here.
2 comments
NateyJay 3234 days ago
There's really no practical alternative but to ship binaries with baked in API keys.

Maybe you dynamically provision API keys, but the binary needs a baked in permission to access that API to start with...

link
captn3m0 3234 days ago
so every release goes out with its own API key?
link
dbbk 3234 days ago
Well, they're obviously going to have to hardcode something into the binary, I think you're imagining an issue that doesn't exist.
link