I'm building a Flutter app (ios/android) and I want to implement Google Social Login.
When I created my Google Cloud OAuth credentials I was provided a ClientId which I'm to use to create the GoogleSignIn object, so it must be used in my flutter app.
Is there a recommended approach to store these types of keys on the flutter app side? I'm not sure what are the security liabilities involved and so I come to you for help.
So far I had no keys on my flutter app and I'm just not sure if exposing (reverse engineering) this Google OAuth Client Id is even a problem.
The short answer is yes.
If you want to read more about it here's an article: Is it safe to expose your Firebase API key to the public?