I have a Firestore database and an Android app that connects with it. I want my app only to read from the database; the app is not going to write or delete anything from it. I also don't need any users or authentication by passwords. I just want my app to access a few collections and display them in GUI. In the rules, I put this:
allow list;
However, if I understand it correctly, it is possible for other people to access my database/integrate it into their apps and use for their own purposes. How can I avoid this? I want my database only be accessible from my app + I don't need users to authenticate by typing their username/password... If I include anonymous authentication, then how does it solve the problem if another person can do the same thing with it to access my database, i.e. come up with a code that uses anonymous authentication to access my DB?
