I have an app that uses SQLite to store the users' data (stats and such). The app doesn't require users to sign up or log in. I would like to add the capability for cloud syncing of data to the app, so Cloud Firestore sounds like a great fit. However I don't want to force users to sign up or log in if they don't want to use cloud syncing features.
Is there some clever way to use Firestore locally without having to log in users? That way I could convert the SQLite data to non-relational format once and have one place where the data is stored. Otherwise I'd have to maintain and update two databases - one for users who don't want to sign up/log in, and another for those that do.
Cloud Firestore doesn't require users to sign in. You can easily use Firestore without having the users sign in. I do this all the time, since data in my apps is often simply shared between all users without any sense of ownership.
However: finding a user's data in a cloud-hosted database requires that you're able to identify the user. If you already have a way to identify them, then you can continue to use that identification with Firestore.
If you don't currently have a way to identify users, I recommend looking at Firebase's anonymous authentication. This is a completely transparent, non-interactive way to add a user identification token.
Related
I have an app, that on the first start generates a random user id and password to set up an account on my server and store them in the shared preferences.
I am looking for a way to write this data into the cloud so that if the user installs the app on a second device it will retrieve this account data and use them on the second device as well.
On iOS, this is a trivial task but I am still trying to figure out how to achieve this on Android. I tried an approach with Firestore, but it seems to be able to write to the Firebase database, the user has to log in with Firebase. I assumed being logged in to a Google Account on the device would do this, but I still get invalid permissions back when writing data.
I do not want to force the user to a separate login.
Any ideas on how to approach this task? Is it possible on Android at all?
I have an app, that on first start generates a random user ID and password to set up an account on my server and store them in the shared preferences.
If you have your own server where you authenticate the users, and you also want to authenticate to Firebase, then I recommend you check:
Custom Authentication System
I am looking for a way to write this data into the cloud so that if the user installs the app on a second device it will retrieve this account data and use them on the second device as well.
You just should never simply store the credentials in Firestore. Storing passwords in cleartext is one of the worst security risks you can inflict on your users. You should either use authentication with your custom system or use one of the existing providers, like Google, Facebook, etc.
I tried an approach with Firestore, but it seems to be able to write to the database, the user has to log in with Firebase.
It's recommended to authenticate the user in Firebase before reading/writing data from/to Firestore because you can secure your database using Firestore Security Rules.
P.S. Don't store data in ShartedPreferences because this type of data is stored locally and doesn't persist application uninstalls.
I am making one Android app where I am using Firebase Realtime Database. However, I want user to give choice to either use my firebase database or their own. Is this even possible? Is there way to configure android app such that user can use their own Firebase-Database? Maybe by using their own API keys/project-url or something?
I am looking for implementation like Google-Drive API, where one can store content to users own Google Drive.
Currently, I can think of only one possible way to achieve this : user compiling their own app with their own google.json file.
You would have to get them to provide all the data that would be passed to a call to initializeApp via FirebaseOptions, then use the returned FirebaseApp instance for all database access.
They would also have to configure Firebase Authentication and security ruels so they don't have a publicly readable and writable database instance, and your app would have to manage the user sign-in.
This is all going to be a non-trivial amount of work for both you and the user, if you choose to implement it.
I am using firebase as backend for my android app. I recently came across database security rules. In my app, any user can access only some specific data to which I have created a DatabaseReference to, in the code of the app. So why do we need security rules if I specify the portions of data the user can access through the app, in the code itself?
Because your code can easily be changed to do whatever an attacker wants. The rules one the server can't be changed or circumvented in any way, except by knowing how to log in to your Google account.
The title doesn't really indicates what I mean:
I am searching for a secure way to save user data (a point system for a game - under no circumstances the user should have the ability to change his amount of points). And I stumbled across firebase, which seems pretty nice and easy.
But:
If I give the app the rights to directly write the users new points to the database it is pretty insecure, right? I mean, someone could decompile the app and get the keys from firebase so that anyone could write to the database, or am I wrong?
Also, what would be the best way to save those "new point" into a firebase realtime database?
Edit: I am already securing my app with pro-guard but that just makes it more difficult for users to get the key, I guess.
The Firebase configuration data in your app is not a security concern. It is simply information that your app needs to find its Firebase project on the servers. See Is it safe to expose Firebase apiKey to the public?.
To properly secure data you write security rules, which are evaluated on the server. With these you ensure that users can only read the data you want them to and that only authorized users can make valid changes.
In cases where security rules become more complex than is feasible, you can consider proxying the read/write through Cloud Functions for Firebase. With Cloud Functions your code runs on Google's servers, so you have to worry less about user modifying the code for malicious purposes.
its secure if you use cloud code. This way everything is going through the server to save it and a user has no way to change that unless they have access to your cloud code.
I am using Parse.com with android backed app and wanted to store some of data specific to application not user's data.
So, is there anyway I can accomplish this without login in any user & store data which belong to app not user.
Sure.. You can create and query objects on Parse regardless of whether you're logged in or not. You can also call cloud functions.
I would recommend using a Cloud Function, locking down the security of the classes you're using to store the data, and using the Master Key in the cloud function to access/write to the data securely.