https://github.com/googleads/googleads-mobile-flutter/issues/622
It looks like it used to be bundled as part of binaries shipped by Google with the Google Ads SDK so that’d be why it’s not exactly documented. Developers just bundle it in their app and presto, ads are displayed.
I’d be skeptical of scanners just spewing “security vulnerabilities”. That malware report is of very poor quality, and they incorrectly identified this key as an API key leak with no idea what it is nor what it does because it’s not relevant. It’s also claiming it’s downloading files… using private IP addresses in the 10.0.0.0/8 range? Nonsense. That report is a lame report to pad their portfolio of “security researchers”.
Fedora Atomic / uBlue