I am planning to switch to Firebase as my local and online database for my Android app. As per the docs, Firebase stores changes to the local database first and then pushed it to the online DB when network is available.
In my app, I would be putting some really sensitive data about the user in the database. So here are my questions,
How secure is the local Firebase database?
How difficult is it for a well-intentioned hacker with the right tools to hack it?
Is it just a simple JSON file like the online database, which anyone with root access can open?
Thanks.
In a general sense, Firebase Realtime Database can be used while offline. However, the expectation is that the app is supposed to be connected most of the time, and changes to the database that happen while offline will be synchronized when it has connectivity. 100% offline use is not really a supported use case, because the canonical data store is on the server.
The local copy of the database is limited to (10MB, at least on Android this is the case). If you intend to write to the database beyond this limit while offline, it will evict part of your cached data to make room for whatever you’re adding. Then, you will no longer be able to read those evicted values until the app goes back online. Worse, managing a growing list of writes to apply when back online is taxing on the app, so you don’t want to plan a lot of writes while offline.
Also, if you have permissions or validations defined for your database, these can only be checked on the server. So, if you’re doing offline writing to your local cache and you no longer have an active listener, you may never know if those writes fail.
Because of these caveats, it’s better not to think of Firebase Realtime Database as an “offline” database. It’s better to think of it as a “synchronized” database that actively syncs to the server while connectivity is present.
Related
From this site: https://developer.android.com/training/data-storage/room
".. The most common use case is to cache relevant pieces of data. That way, when the device cannot access the network, the user can still browse that content while they are offline. Any user-initiated content changes are then synced to the server after the device is back online."
Why is rooming trying to access the network, when the data is stored locally as Room is a local database?
That description seems wrong or do I misunderstand something?
Room doesn't require network access.
That is just giving an example of a situation where SQLite (and therefore Room) can be useful as SQlite is an embedded database. That is if the App gets data via the network but the device may not always have access then some data can be stored locally on the device freeing it from permenant newtwork access.
It is quite feasible to have Apps that use Room that have no network access at all. In which case the data would either be input by the device's user or perhaps distributed via the APK.
The android app I am currently developing will mainly run offline. However while online, the users can connect to the DB to download the data they need. Furthermore they are able to manage the data offline, so they can remove the data they don't want to use. The users cannot modify the online database.
I am using Firebase with its Persistence enabled feature, to save the date for online use. My problem is, that I just cannot manage the data properly.
Since firebase downloads the whole database:
Is there a way to choose, which queries I want to download form firebase?
If not, can I delete those queries I don't want to use, from local content?
It looks like you don't want the sync feature of the firebase database.
However while online, the users can connect to the DB to download the
data they need. Furthermore they are able to manage the data offline,
so they can remove the data they don't want to use. The users cannot
modify the online database.
set write as false for this table in the rules and the modification will not be possible, since you have enabled disk persistence firebase will read the newer updates but wont write the user changes. Also it might discard the existing changes of the user(which the user removed) during the sync and put the newer ones from the cloud, so you might(as I have never tried this) end up doing the sync yourself, please search and read up on this.
Since firebase downloads the whole database: Is there a way to choose,
which queries I want to download form firebase? If not, can I delete
those queries I don't want to use, from local content?
You will have to turn off on the sync on the each of your table like shown below
DatabaseReference dbRef=FirebaseDatabase.getInstance().getReference("table-name");
dbRef.keepSynced(false);
Refer here in the docs. I think this has to be done on each node as there is no way to turn it off on the entire firebase realtime DB except disable disk persistance which you want in your case.
IMHO it looks like you are using firebase as a place to store your data in the cloud, in case the sync feature ends up discarding your local changes to sync the online ones you should consider using SQL-lite DB with Room ORM as it will serve your purpose of just fetching the data and modifying it locally, however the tradeoff here is that you will have to maintain the data in a proper manner to query the newer changes or see if there is any updates/deletes on any of the older records.
I am developing a chat app that uses firebase database to store data. The usual approach while developing a chat app is to keep the database nodes synced so that you access the messages offline. So the problem rises when I implement the firebase offline capabilities to keep the data nodes synced. Firebase suggests two required steps for accessing data offline:
Enabling disk persistance
this is enabled according to the documentation by using this line of code (in my case I add it in application class):
FirebaseDatabase.getInstance().setPersistanceEnabled(true);
and
Keeping a node synced
this is enabled by simply adding keepsynced(true) to any databasereference that you wish to keep synced, like this:
ChatNode.keepSynced(true);
What is the difference between the two?
According to the firebase team answers on this site, I deduced that:
1) (Disk persistance) stores the data on the device disk to use them when needed, and data is stored wether you write data or read data.
a) If you write data offline: data is stored on disk and is sent to database when you go online again.
b) If you read data offline: the listener that was read online and was kept in disk and stored, you will be able to read it offline from disk.
2) (keep synced true) will keep a database reference synced in 2 ways:
a) If you are also using (disk persistence) with (keep synced) you will be able to keep data synced on disk ... which seems to be the default behavior of (disk persistence).
b) If you are using (keep synced) alone then you only store to what is known as the app memory.
The problem
I did set both of the methods, but my app is now very laggy and slow and sometimes stops on its own.
The question
If all the things that I said above are true, then would this method of offline capability be a heavy load on my app?
If I kept many listeners synced and set persistence enabled, then would the disk become full of data? Should I clean the data? Is the data on disk cleaned by itself in both methods? Is data cleaned by itself from memory?
I want to avoid the lagging and slow response in my app, thanks for your help.
You are right about your assumptions. If you are using FirebaseDatabase.getInstance().setPersistenceEnabled(true); means that Firebase will create a local copy of your database which also means that every change that is made while you are offline, will be added to a queue. So, as this queue grows, local operations and application startup will slow down. So the speed depends on the dimension of that queue. But rememeber, Firebase is designed as an online database that can work for short to intermediate periods of being disconnected and not as an offline database.
Second, if are using many listeners, don't forget to remove the listener accordingly to the life-cycle of your activity like this:
databaseReference.removeEventListener(valueEventListener);
I am working on an application that will, basically, allow people to create, join and manage groups of other people. The people within the groups can also message each other.
I have been wondering which path would be better:
Keep a remote database with all the information, including messages sent to and from users. And have the app query the server every time it needs information. Even information it has seen before.
Keep a remote database with all the information, including messages sent to and from users. Also keep a local copy of the remote database and just keep it synced with the remote database. Whenever the app needs to query for information, it does a query to see if the local table is up to date. If it is not up to date, it updates the table and runs the query on the local table. This way it will keep a local copy and the app will have fast queries when there is not an update to the remote table.
What is generally done with mobile applications and remote databases?
Would it be "bad practice" if i just did number 1?
From my point of view, in most cases, the database in the mobile is just a cache of the real database, the one in the server. So, my suggestion will be to keep locally all data that you need syncing with the server. This allows you to show information even when no connection and show something to the user while the info is updated.
Also, this approach makes the local data volatile without risk, as it's stored in the server. So:
All info is in the server
With a background process (service, thread, intentservice, whatever best suits you) you sync this information with the local database
UI is always showing info from local database
Of course, this is a very general approach, and needs to be examined for each case as different situations may need different approaches.
My base response is that I would keep the data in one place and access it remotely unless there is a major reason to keep it locally. There would have to be extenuating circumstances to mandate that I keep a copy of the data locally. Just make sure your queries are accurate and concise. Don't pull over more data than you need to.However, you can have a subset of data kept locally. Items that are specific to the user (like messages), but keeping data that is not relevant just adds overhead and bloat.
I am very new to android and am trying to understand db persistence.
Consider this scenario
on device1 local db created
it syncs with google via the BackupAgent by backing up the db file
on device2 db file is restored and local db is now in sync
The problem I think I may have what happens if there is no remote connection. Then this could happen
on device1 local db created
it syncs with google via the BackupAgent by backing up the db file
on device2 previous db file is updated offline
device2 goes online. Syncs with backup agent and device2 changes are lost
There are various scenarios where I think this pattern will cause conflicts between devices. Am I missing a simpler better way to store and sync data between multiple devices. Perhaps just only store things on a remote databse perhaps.
As i said I am new to this so any advice would be greatly received.
Thanks
From the docs:
The backup service is not designed for synchronizing application data with other clients or saving data that you'd like to access during the normal application lifecycle. You cannot read or write backup data on demand and cannot access it in any way other than through the APIs provided by the Backup Manager.
The backup agent is not meant to be used in the way you are using it. It is not meant to provide real-time syncing of data between multiple client devices. It is only designed to backup stuff such as user preferences so that if users move to a new device or reset their phones, they can restore their settings and things like that .
When you request a backup, the agent does not do it immediately. It does it at a later time based on a number of different parameters (such as network efficiency). It is generally meant to store the latest version of a users preferences.
If you want real-time syncing between devices, you would need to implement your own backend or try out one of the BAAS (Backend-As-A-Service) providers such as Parse or Firebase.