I'm getting app events through Firebase analytics on Android, and when I query the data in BigQuery I find that many (not all) of the devices don't have a "resettable_device_id" (which is the IDFA according to:
https://support.google.com/firebase/answer/7029846?hl=en).
When I look in the app's database I do see identifiers that don't appear in BigQuery, but I know these are IDFAs because they match some of the BigQuery identifiers.
The app developer says that he gets the identifiers I see in the database from Play services, and he can't help with the Firebase side because the identifier is sent automatically by the SDK.
Why can't I get the identifiers? Can I change something in order to get them?
Related
Issue found: Invalid Data safety form
We reviewed your app’s Data safety form in Play Console and found discrepancies between it and how the app collects and shares user data. All apps are required to complete an accurate Data safety form that discloses their data collection and sharing practices - this is required even if your app does not collect any user data.
We detected user data transmitted off device that you have not disclosed in your app’s Data safety form as user data collected.
You must ensure that your app’s Data safety section accurately reflects your app’s data collection, sharing, and handling practices. This includes data collected and handled through any third-party libraries or SDKs used in your app. When available, we’ve included details on SDKs that contain code similar to the code in your APK that may be sending user data off device. You can check if your app uses any of these SDKs, but note that this list of SDKs may not be exhaustive. You must review and account for all data collected and shared by your app.
Issue details
We found an issue in the following area(s):
SPLIT_BUNDLE 3: Policy Declaration - Data Safety Section: Device Or Other IDs Data Type - Device Or Other IDs (some common examples may include Advertising ID, Android ID, IMEI, BSSID, MAC address)
I tried to update the information in Data safety but still, have the same error.
SPLIT_BUNDLE 3: Policy Declaration - Data Safety Section: Device Or Other IDs Data Type - Device Or Other IDs (some common examples may include Advertising ID, Android ID, IMEI, BSSID, MAC address)
I am using Firebase Authentication and Firebase dynamic links in my android project. I have put restrictions in my API key here
https://console.cloud.google.com/apis/credentials/
and allowed only android app with the package name and signature i specified. But there are still people able to create accounts using my API key outside my application and using script. I don't know how is this possible. As per firebase docs, it should be restricted to only my app. Is there anything i am missing to prevent people creating accounts through script?
Note: I am just using Firebase authentication, No firestore or Realtime database.
This question already has answers here:
Is there any way to give everyone access to firestore database, but only via app?
(1 answer)
How can I set Rules in Firebase so that only my app can write on my database firestore?
(1 answer)
Closed 2 years ago.
I am currently building two apps(admin and customer) and both have added in a single firebase project. Both apps are using Firebase Auth(Phone Number) registration process. The admin app is mostly saving details in Firestore DB and the customer app is only can fetch these details for viewing purposes.
Currently, I don't define any rules for them as I am a little new in Firestore/Firebase Rules. But I am wondering to add some rules which will give permission to fetch only those apps which I have added in the same Firebase project where my admin app is. I may be wrong but I think anyone can able to access my admin data by if they will get those names or keys which I am using in my Collections.
So is there any way or rules which will give the data accessing permission to specific apps that I have added in my same firebase project?
There is no way to limit access to "just this app" in Firebase security rules. Anyone can take the configuration data from your app and use it to call the same API as you app uses.
For this reason you will need to make sure that your security rules model the logic that you want. You'll typically replicate some of the data access logic between your client-side application code, and the server-side security rules. This means that you're modeling who can take certain actions, not what code/application they use to do that.
Also see:
How can I set Rules in Firebase so that only my app can write on my database firestore?
Is there any way to give everyone access to firestore database, but only via app?
How to enable access of firestore data to my nativescript app only?
and many more from these previous questions about the topic
I really need the realtime data sync function for local DB and Google Firestore perfectly meet my requirement. But my only concern is: Does Firestore support mobile and table devices which don't have google service?
You can use the Cloud Firestore SDK on a device without Play services, but you will not be able to use it in tandem with Firebase Authentication, which currently does require Play. As a result, you can not effectively use any security rules that depend on a UID or anything else related to Auth.
How to export users who have downloaded the mobile apps?
Firebase can export the list of Authenticated users but there seems to be no built-in way to get the users who have downloaded the mobile apps:
https://firebase.google.com/docs/cli/auth
-- My specific use case --
I want to give a free purchase ticket only to the first 5000 +- users who have downloaded the apps.
Firebase Authentication has no built-in way to track from what platform a user accesses your app.
The closest I can think of is to set the user's ID in Google Analytics for Firebase, and track the platform there.
The alternative would be (as Joshua commented) to have the native apps write a for for each user to a database (like the Realtime Database or Cloud Firestore). If you choose this approach, you'll have to find a way to secure that write though. Here too Firebase doesn't have anything built in to only allow writes from certain platforms, so it's up to you to come up with a security scheme.