I want to make my Android code “open source” and this link says there is certain sensible information in the build.gradle files that should not be published:
https://developer.android.com/studio/publish/app-signing.html#secure-shared-keystore
The thing is that I cannot see such information in my build.gradle files. No passwords nor anything sensible. I sign the apk with a digital certificate by using Android Studio’s “wizard”.
Could it be that the link above is out of date and perhaps, with a new Android Studio version that sensible information is not put in the build.gradle any more? Or what am I missing?
Thanks
Android Studio doesn't add anything to your build.gradle files. The so-called 'wizard' uses standalone jarsigner, and the credentials are provided each time or cached by the IDE, so it's like you used the second method. The first method describes a way to sign apks using a gradle task, which is also an option, but it seems, not the one you're using.
To conclude, you don't need to provide signing config to build.gradle to have the ability to sign apks. So unless you have any other secure keys in your files, you should be fine.