When following the recommended option to add Firebase to your Android app, the Firebase Console tells you to download a file named "google-services.json" (which contains API Keys from your Firebase Project) and add it to your app directory. And that makes you wonder: how sensitive are those keys? Should I encrypt it before shipping it with my app? Can I commit it to version control? Is my project going to be publicly exposed and vulnerable?