When anyone extracts my apk to source code,will he be able to use my firebase projects data?I don't want to obfuscate code.I will make the apk signed and upload in playstore.Will my firebase project keys accessable to decompiler of apk file?
Asked
Active
Viewed 10 times
0
-
Yes. Anyone who has your APK, can get the configuration data from there and use it to make API calls against your Firebase project. The configuration data is **not** meant to be a security mechanism. See https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public, https://firebase.google.com/docs/rules and some of these: https://www.google.com/search?q=site:stackoverflow.com+how+to+secure+a+firebase+android+app – Frank van Puffelen Aug 03 '20 at 17:35
-
So, if anyone use these data's(some users personal data will be there) from my firebase project,will i be responsible for his any misuse?or,he will be responsible and punished? I mean do i have right to punish him if he misuse these datas or, do any harm to my project? – Apurba A Aug 03 '20 at 17:47
-
Yes, you are responsible for preventing abuse, which you can do with security rules and server-side checks. See the links I provided for more info. – Frank van Puffelen Aug 03 '20 at 17:50