Use of FirebaseAuth credentials in an Android .apk

Question

I'm currently looking at an .apk for Android and I came across some hard-coded credentials (email address and password). Apparently these are used for something called FirebaseAuth, which seems to be a Google service.

I'm not very familiar with the Android app development and don't know what the Firebase service is exactly used for.

Is it common to save hard-coded credentials for the service in the app?

What can be done with the credentials?

The credentials do not reflect any information affiliated with me.

I did come across this stackoverflow post, stating something about identifiers, but no clear answer.

edit: I believe my OP was not clear enough.

My question is whether it is normal for Firebase credentials to be stored in an APK or if generally something like an API token should be used.

Usually hard-coded credentials are a bad sign, but I'm not familiar with Firebase.

Where is this question going? What are you trying to achieve? Seems like this is a start of a discussion rather than something more specific. — Charlie Joynt, Mar 21 '17 at 14:02
I just want to know if it's *normal* for Firebase credentials to be in an APK, or if usually something like API tokens should be used. @CharlieJoynt Sorry for not being clear enough, I'll edit the OP. — Dolores The Third, Mar 22 '17 at 13:46

score 0 · Answer 1 · answered Mar 21 '17 at 13:52

0

when setting up Firebase you get a bunch of configuration entries. These are only for in app use and are not related to any user. Your app uses them to connect with the Firebase services. Normally they are stored in a config file within your Android app. So it is totally fine when these credentials are hard coded.

In order to provide a better answer please include some more information about the credentials (f.e. format)

answered Mar 21 '17 at 13:52

PtrBld

64
1
6

Thank you for your answer. Should the developer not use these `identifiers`, rather than the credentials in the app, as noted in the other SO question? As I mentioned in the OP, the credentials are plainly an email address and a password called in context with a function called `FireBaseAuth` – Dolores The Third Mar 21 '17 at 14:02
I can only guess what is going on in your code without seeing it... But pointing out that it is really email and password stored in your app, it seems that something is wrong... – PtrBld Mar 24 '17 at 12:23

Use of FirebaseAuth credentials in an Android .apk

1 Answers1