Gcp api keys exposed

Yesterday I tried to publish app on play store … It’s still not published.
Then I saw there are 3 alerts on my play console written GCP API key exposed …
which is making publish sign YELLOW instead of GREEN. I think this is causing problem. HELP. Any kind of recommendation is also appreciated.

Since the current API 28 release is buggy, preventing former app from even compiling, all bets are off to resolve your issue until that gets fix. If anything, your problem may be the system, or a solution may be damaged when (if?) they fix that non compilation issue.

Perhaps we should consider hedging out bets and prepare for a possible migration to another environment; except that AppyBuilder is currently temporarily shut down while they upgrade to API 28. Meanwhile, I cannot find any reference to which API Kodular supports…

Your reply is technical .
What should I exactly do to publish this app ?
Is API keys exposed of previous apps is really a problem in publishing this one ?

Impossible to know.

What I know is that an app that was compiling before, has even been published to the play.google store, cannot be compiled anymore.

If something that was working perfectly stops working because of the compiler, then anything that does not work could also be because of that.

And if this is not because of that, then any fix could be affected when they repair the compiler.
Earlier this week, they fixed a snag that cause all the parameters returned by event blocks to be names “undefined”. When that was fixed, it was found that some restored parameters were renamed (the parameter returned by “OtherScreenClosed” went form being “other ScreenName” to “other Screen Name”; enough to cause a red X error).

there is a high chance that apps already published and apps i am working on can never be on playstore because maybe play store does not publishes my app .
is that correct ?

if i just keep on waiting , do you think there will be a day when my app will be automatically published on play store

What I am saying is that the errors you see that prevent form being published may not be correctable on your side if they are the result of a compiler error.
Not saying that they are, saying that they might be and that efforts to correct them may be for naught if whatever fix is introduced to the compiler merely pushes the error somewhere else.
What you can do now is investigate your issue, as opposed to expect having a perfect and ready to publish apk.

You will have a better chance of cleaning your app of error once the compiler is fixed.

I am having the same issue. What would be the bet What to move forward?

Try and see if the code works when the apk is generated using the “Export -> App” option (API 26). If you only have an issue when using the API 28 compiler (“Export -> App for Google Play”) keep developing while the Thunkable staff fixes the API 28 compiler limitations.


In the pre-launch-report still shows the following error alert:

Your app contains exposed Google Cloud Platform (GCP) API keys

It happens both in API 26 and API 28.

Do you have any update in what would be the cause and how to overcome the issue?

Thanks for your feedback and comments,


Sorry, I do not know–my apps are essentially self-contained with the exception of one access to a web page (my philosophy is that an app should still work if you are out of wifi/cell phone range) so would not know right off the bat why your app has “exposed keys”.

What is it that your application is using that is from the cloud?

I understand.

My app is using firebase. I used before (API 26) without any problem, but now I can not get rid of that warning.



Read this:

I therefore assume you could put the key in a variable, and then use the variable instead of specifying the key directly.

I think I understand your idea, but the firebase extension do not have a component as “set key”.


I don’t see how can set the key in any other way.



In your program, what is attached to the right of the “set Firebase_DB1.Project Bucket” instruction?

That part, the one that would be attached to the right, is what perhaps needs to be not made obvious.

Apparently, in Google parlance, whatever value a Project Bucket may take is considered a “key”.

All right!. I’ll change it and then make another try. I’ll keep any progress update here later on. Thanks for your advise!.