I read that we should have git ignore export.cfg and export_presets.cfg because they can have confidential information if your project has an android export preset. However, this merged pull request seems to fix that issue. However, I’m not familiar with this android security stuff. Am I misunderstanding something?
Well .gitignore has nothing to do with android security. Its more like you dont want to save credentials in the .git file history and share that publicly if its on an open Github project.
So if the behavior of exporting has been separated, i would ignore the export_credentials.cfg, but track the export_preset.cfg. so if you have a team they dont need to make the preset themselves, and you can pass/create the credentials separately.
As far as android goes i do not think those config files make it to the apk. And if they do you could probably put them in a secure store so the user doesnt have free access to it.