I think it is totally depending on where you store the keys. For example, they can come from the BuildConfig, Strings.xml or even hardcoded. In cases, I would advise a wrapper class so you can inject your constants provider where you need it and also make it testable. Also, you might wanna store some of these keys on the backend side so people cannot dig through your APK looking for unsecured api keys. To have such a key/constant/whatever provider would in any case abstract away the logic, making sure that if you ever change the place where they are stored the rest of your code is not affected