I'm building a Native app with React Native. I was once a web programmer and it's my first time using React Native and making native app especially which is going to be actual product and serve for normal users. During my struggle, I've encountered some issue that I, as a former web programmer, can't find a way out.
In my app, I call some APIs that any other app would/could be using, like Google Maps via react-native-maps library. My API keys are saved at files that are used when actually build the app, info.plist and AppDelegate.m ( building iOS app first by now ). I've thought that would be safe enough. But I recently find out it might not.
After reading some articles about getting rid of secret informations from native apps, I've tried hard to find a way out. Thought about using .env, getting api keys from backend server, etc. couldn't use .env, and can't find a way to call API, sending API keys ( not containing them as a build meta data ).
So here's my question. How can I keep my secrets safe for react native app?