I am new to firebase and I am doing for chat application.
In my firebase console, I can see raw data like this. Since it is private information, can I hide some info (or all)?
If I cannot hide, I have used encryption for "text". So, in my mobile device, I encrypt and decrypt. It is still okay. Problem is I cannot search/query text because it is already encrypted in server. How shall I do?
If I can just hide data in firebase console, I don't need to do encryption, etc already. Purpose is to prevent developer (like me) to see user data.
There is no way to hide certain data in the Firebase console. The only thing you can do is revoke the permission of the developer to see the database altogether.
Doing client-side encryption/decryption (also known as end-to-end encryption) is a common solution for your scenario. But that does mean that your searches will also need to search for encrypted values.
While this is a bit tricky, it is possible and has been done by developer before you in a similar situation. If you're having trouble making it work, post a question with the minimal code that reproduces where got stuck and we'll have a look.
Related
For the past few days, I've been trying to understand what exactly is Firebase. I am in need of some more 'beginner-friendly' answers on the subject. My intention is to create a backend for my Android project. For my previous project , I used a GoDaddy host , PHP, MySQL and it did work just fine.
I am in need of stuff like these :
Storing string data. Like user email , password , profile picture path , number of friends etc.. (in a single row)
Uploading and downloading files. Video , audio
Creating a real time chat messaging system inside the app.
I am currently reading Firebase guides on user authentication. For example there is a method for signing a new user with email and password , but what if I want to store more than just email and password? Is Firebase fully customizable? Is it easy to use , or is it designed for professional developers only?
Firebase is fully customisable yes.
If you want to store more than an email,password etc, you can do so my creating a well structured JSON first. You can then try and map this to firebase db.
Firebase is a good and stable backend as a service platform and it is used by plenty of professional apps. It is fairly easy to use. Follow their youtube channel for tutorials. They have very good tutorials and explanations about how things work. I am in the exact same boat as you, learning firebase.
You may also want to look at alternatives like pubnub and pusher for the requirement of yours. They work in a similar way.
Hope this clears some of your doubts
Is there any downsides to using Google Account? Is there any limit?
Why ask this? It's because I played some android games for research and found out many of them don't save the user data just warning the users removing the games will remove whole data as well.
Ironically, all of them provided world rankings using Google Accounts.
So, I became curious and wanted to get some opinions of experienced people if there is no problem for beginners like me to use Google Account for backing up data.
The data is going to be created with SQLite so I cannot let users save in their own SDCards. If Google Account is not good for saving data, I need to get an FTP server instead. (I'm not sure if I can deal with it well, though.)
But I really wanted to use Google Account, so was just about to start to study it.
Can I just use Google Account for user data? or better to get my own FTP server?
There is something that Google offers which is known as the Android Backup Service. It's precise use case is when you want to save user's data online. There are several advantages to this:-
Easy API to call Backup Service
No need to maintain a separate FTP server, hence reduced cost saving both domain and hosting charges.
Unlimited Backup space for your user's individual app installation.
In case the user deletes the app, your app's data can be retrieved from the Android Backup service.
The developer page gives a fair amount of idea to anyone wanting to implement that kind of data backup support cost-effectively.
Is it possible that I store my SQLite table over a dropbox account and have all my users sync their tables with the stored table? Also be able to make changes to that table?
Your approach could work in theory, but there are so many issues involved, that you're better off not doing it. If you wish to store and make data available across all devices belonging to a user, I strongly recommend looking into Datastore API by Dropbox. The API will take care of storing data locally as well as synchronize it over connected Dropbox accounts.
If you want a bit modular approach, you can use Windows Azure Mobile Services. These give you REST APIs to store your data in cloud. However, synchronization has to be handled by the developer - you. I have written a small library to do that here: http://bit.ly/ProjectMirror It's for Windows Phone, but Android version is already in a sister repo there. You could extend it. Let us know how that goes.
In addition to these services, Parse SDK is a good option. It requires you to pay after a while, though. In addition to what you want to do, it also provides other things like user management and so on. But, be aware that some of those operations may require you a live Internet connection.
So, in essence, if you want seamless data storage and sync, use Datastore. Be aware that you'll have no control over the server side. Also, your data will be restricted to the Dropbox ecosystem forever. If you plan on further expanding your app to other platforms, go with Azure and handle the sync. If you want lots of features, go with the Parse.
I would suggest looking into Google Play Game Services using the Cloud Save feature. Even if you are not building a game this feature lets you sync sqlite data in the cloud and Google will handle most of the work for you.
OR you could use a cloud based database which supports both push and pull. That means:
Scenario 1:
Your users change something on their phones. Changes are uploaded to the database. The database then pushes these changes to all other users.
Scenario 2:
Your users change something and upload this to the database. But instead of the cloud based server pushing the changes to all users, the users phones can ask the database for new data at intervals.
All this is very easy to set up. It took me about five, ten minutes. Just follow this easy tutorial:
https://parse.com/docs/android_guide
and for push:
https://parse.com/tutorials/android-push-notifications
We now use this for our company app, storing statistics for example.
Bear in mind that syncing can become complex. Try to keep it very simple, especially if you are new at programming.
I want users to send textual feedback to myself(the developer) directly(without involving Google Play).
Hence, I can get the suggestions to improve my app directly to myself, instead of users writing negative reviews on Google Play.
I do not own a website nor have access to any server.
I do not want to use ACTION_SEND, as that opens an email app.
I'm an android beginner and this is my first app.
Maybe that data can be stored in a database(on cloud, common to all users) that I can access at any time I want?
After researching, I think GCM is supposed to be used, but I no idea how to go about it.
Please tell me the easiest way to implement this.
Thank You.
That is not what exactly what GCM is for. GCM is primarily for sending data from the cloud to the the devices.
You are correct in thinking that one option is to store the data in a database in the cloud. You could use http://pythonanywhere.com free account and build a web app that provides you endpoints which will save and retrieve data to a SQLite db pretty easily (if you have knowledge of python and server side web concepts).
Another perhaps simpler option is to use a pre-existing cloud database solution http://www.parse.com is a cloud backend that also has a free-to-use option that you can use to store arbitrary data. It is pretty easy to get up and running if you follow their many nice Android tutorials.
One last option I will present is to use a Google Spreadsheet with a Form associated to it. Once you create a form if you know the right url and parameters you can send a post request to insert arbitrary data into your spreadsheet. I've created a library that simplifies the process of uploading. GoogleFormUploader. If you need help getting your form set up you can watch the relevant portion of my video tutorial covering this topic
I am creating an app where the user does some things during a game, and these actions are logged in a SQLite-database. At the end of the game the app presents these logs through a screen, which are read by the game administrators (like, physically read by the game administrators watching the screen). Is there some ways for the contestants to manipulate the database, and if not, what security measures prevent them from doing this?
The database is stored under /data/data/your.applications.package/databases. Normally this location could only be access by the user the Android OS created for the app. No other user is able to access this location unless the device is rooted. Then any user can access any location on the phone and manipulate the data.
So if you want to prevent users from cheating you need some way to check if the values in the database are untouched. Perhaps you can store some kind of fingerprint on a server to check this.
Yes, you can do it programatically, as long as you are the developer. Here is the Android docs for SQLiteDatabase.
Here are some links for working with SQLiteDatabases programatically:
From Android docs
From a blog
From another blog
The SQLiteDatabase in an application should be 'sandboxed' to that specific application, meaning that no other application should be able to get to that data, as long as the developer didn't provide access to it with a ContentProvider. So to answer your final question, no, there should not be a way for contestants to manipulate the database, except in ways that the developer has already allowed.
Yes, users can examine and change the database when connected over USB via ADB: http://developer.android.com/guide/developing/tools/adb.html#shellcommands
Update:
This only works on rooted devices or official Google Dev devices: Why do I get access denied to data folder when using adb?
Still, this would allow users to access database and change game results. So you can not rely on databse not being accessible..
Unless you issue the devices to users and you carefully watch what they do with them, to be secure against anyone determined, you need to digitally sign the entries in the database using a mechanism hidden in strongly obfuscated application code. And even that only makes it harder.
Note that using a server does not help unless a key part of the game logic itself is implemented in the server; if the user knows how to fake your signing mechanism to write fake database entries, they can also send fake reports to your server.
You can use Proguard to obfuscate your code.
Also have the database be unique with a particular id according to the device id with some sort of server callback, to validate the database.