Interesting concept. I’ve been thinking about how to secure important Strings such as the ones generated from the google-services.json file with your strategy above.

Once you have the String resources would you recommend storing them on Firebase Remote Config? Then, the resources are not stored directly on the device if a malicious user wants to decompile the app and find the strings. Rather, the strings are passed via an encrypted HTTPs response.

I’ve outlined this potential security measure in a StackOverflow answer.

Open Sourcer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store