Firestore Rules to give data access to specific app

Question

I am currently building two apps(admin and customer) and both have added in a single firebase project. Both apps are using Firebase Auth(Phone Number) registration process. The admin app is mostly saving details in Firestore DB and the customer app is only can fetch these details for viewing purposes.

Currently, I don't define any rules for them as I am a little new in Firestore/Firebase Rules. But I am wondering to add some rules which will give permission to fetch only those apps which I have added in the same Firebase project where my admin app is. I may be wrong but I think anyone can able to access my admin data by if they will get those names or keys which I am using in my Collections.

So is there any way or rules which will give the data accessing permission to specific apps that I have added in my same firebase project?

Answer 1

There is no way to limit access to "just this app" in Firebase security rules. Anyone can take the configuration data from your app and use it to call the same API as you app uses.

For this reason you will need to make sure that your security rules model the logic that you want. You'll typically replicate some of the data access logic between your client-side application code, and the server-side security rules. This means that you're modeling who can take certain actions, not what code/application they use to do that.

Also see:

• How can I set Rules in Firebase so that only my app can write on my database firestore?
• Is there any way to give everyone access to firestore database, but only via app?
• How to enable access of firestore data to my nativescript app only?
• and many more from these previous questions about the topic