So I have a personal project, which is on github, but is now private, because it uses firebase database, and using the app lets you control my house lights, etc.
How can I make my app public without letting using my database?
App doesn't require any authentication.
Don't check in your google-services.json file. This is where the app gains knowledge of how to access the database. Instruct the users of your source code to create their own Firebase project and add their own google-services.json file to the project to get their own database to work with.
By the way, if your app doesn't use Firebase Authentication and it's given permission to read and write the database, then anyone who knows the name of your project will also be able to read and write the database. The name of your database can be gained by simply breaking down the APK.
Related
I currently have 2 firebase/google cloud projects. One for frontend and one for backend where app engine is hosted. I wanted to use firebase to send push notifications from the FCM token.
The code that I am using is the following:
Firebase.app = admin.initializeApp();
What this does is that it uses my backends firebase project not the firebase project of my frontend.
To connect to a different project's firebase I will have to do the following to my knowledge:
Firebase.app = admin.initializeApp({
credential: admin.credential.applicationDefault(),
});
And I will need to have an environment variable named GOOGLE_APPLICATION_CREDENTIALS
which will have to point to a google-credentials.json file containing the JSON object with the google credentials of the different applications.
I don't upload my google credentials json file as I am using cloud build from my Github.
I was trying the following approach:
Create a Base64 string of the json object and store it in a variable and then create a json file from the decoded base64 string and then point to the GOOGLE_APPLICATION_CREDENTIALS to the created file. But the google app engine does not allow for writing to files, so this is a dead-end unless there is something that will allow me to write to a file.
Is there some way I can link the firebase project of the frontend to the google cloud project of my backend so that the google cloud project directly links up the frontend's firebase project. If not then is there a way in which I can migrate the firebase project easily from the frontend firebase project to the backend firebase project?
Any suggestion would be a great help. Thanks!
There is no direct way to migrate the Firebase Application from one project to another project. You can refer to this stackoverflow thread to find this.
Also there is no way to migrate an App Engine application from one project to another. Instead you have to deploy the App Engine application in the new project.
So your concern narrows down to the fact that which one will be easier for you. I would suggest deploying the App Engine application in the same project where your Firebase frontend is already present. Because it seems easier as you only have to change the default project configuration in your SDK or Command Line Interface and follow this documentation.
We are developing an application with Firebase which includes some sensitive data like messages. I learned that realtime database is encrypted in servers but project administrators can see the data. So I thought we could continue to develop our application without data encryption and minimalize the developer count who has access the database.
Is there any way to develop firebase project without access to database (I thought making our own developer panel for debugging may be good idea) or we should encrypt our data?
If you are working in a big company or a big project using Firebase, how did you solve this problem?
I ran a security test via the ImmuniWeb tool on my Android app APK. One of the observations the tool made was that one of the app contains hard-coded sensitive data. It further said:
An attacker with access to the mobile application file can easily
extract this data from the application and use it in any further
attacks.
There is 'google_api_key', 'google_crash_reporting_api_key', and
'google_storage_bucket' found in file
'android/res/values/strings.xml'
The issue is that this strings.xml file is auto-generated and cannot be edited:
How do I clear this issue?
The data you're referring to is not "private" or "sensitive". This is a standard configuration for Firebase products that get injected into your app as part of a standard app build using the Google Play services plugin. All of those values are just identifiers for Firebase and Google services that need to be known by the client in order to address those services. Without them, your app wouldn't know where to go for information.
If you're using Realtime Database, Firestore, or Cloud Storage in your app, you should be using security rules for each for those products in order to limit who can read and write which locations in those products. That's how you implement security in apps that use Firebase. Trying to hide or obfuscate the configuration isn't going to foil a determined attacker.
I don't know anything about this tool you're using for this security scan, but it doesn't seem to be aware of these facts.
My friend have finished setting up a Firebase backend for an Android application, and the project is on his private firebase account. Now I am starting to code the iOS version which should access the same Firebase backend.
My question is this... do I need to get his firebase email and password to work on the project or there is a way to import it to my account so I can work on it ?
tip: The solution should be like that, if any change happen in iOS or Android, must change in both of them.
You can add multiple developers to a single project, and you can have multiple apps added to your project. Do the following: your friend must add you to the project, and you must create an iOS application for that project in Firebase.
I have an android app with a database. There was one option to export the data in the app to excel files. But now there is an error in export function. So I am not able to get the data. Is there any way to recover the data from the database with out rooting the device? Can I access the data in another app?
Fir security reasons there is no possibility to access a foreign database. The only possibility to access da data of an other app is the ContentProvider of an app.
If the app you want to access does not provide the possibility to access it from external via a ContentProvider, there is no legal possibility.
The only possibility might be the shared user id and sign both apps with the same key.
See this documentation for more details on the topic: http://developer.android.com/guide/topics/manifest/manifest-element.html#uid