I am using the Google Places.GEO_DATA_API in my Android Library Project. My Android Library Project comes with its own UI and allows users of the parent app to complete a certain action. I am running into following issues with respect to merging my Android SDK into a Android application when using third party API like this.

These Issues assume, that my library project and the App that Integrates my library project are both using same API for instance Google Places.GEO_DATA_API

Issue 1: Manifest merge conflicts if parent app is also using the same API

According to the documentation, I should specify the API key in my manifest file under application tag as

<meta-data
android:name="com.google.android.geo.API_KEY"
android:value=“our_key"/> 

I was able to resolve this issue by moving the api name and value to build.gradle file and having a reference in manifest file

<meta-data android:name="@string/google_api_name"  
 android:value="@string/google_api_key" />                                         

Issue 2: The above fix just avoids the conflict at compile time but the Parent app can still abuse my key and use it for the calls they make in their app by creating their own instance of Google API Client and calling the Places Autocomplete API. I tested this and the calls go through.

I tried adding package name and fingerprint to Google API Console to restrict usage. This helped when I tried to make the API call from parent app but since my library is integrated within the Parent app, I am assuming Google thinks that the call is coming from Parent app (package) and not my package, and it blocks the calls made by my library.

Since the Google API Client builder does not allows to pass the API key as a parameter, The only near term solution is to not use the API. Can somoene please suggest a solution for this problem.

You should not include the credentials in your library. That should be the responsibility of the parent app. If you keep the <meta-data .../> tag then it will be merged with the parent app. Same with your APK key in the strings. So since your library contains the string google_api_key the resource merger will also make the string google_api_key available to the parent app.

Your only solution is to force the parent app to be configured with the meta-data tag in their AndroidManifest.xml not that of the library.