1

I have integrated firebase analytics and crashlytics with my Xamarin forms application. I have concerns regarding the GoogleService-Info.plist file as it is present in the root folder of iOS project and anyone can get this plist file by unzipping the .ipa file.

So any hacker can create a local project and use this plist file along with the bundle identifier present in this plist file (using wildcard provisioning profile) and can dump data in the project which can affect analytics.

Is there any way to prevent this? Any help would be appreciated. Thanks

Payal Bhuva
  • 21
  • 1
  • There is no way to prevent this. That data must be public, otherwise your app would not be able to work with Firebase. If you want to protect data in storage, use security rules in tandem with Firebase Auth for that. While I have linked to a question that deal with web apps, it's the exact same concept for all user-facing applications that work with Firebase products directly. – Doug Stevenson Nov 17 '20 at 17:44

0 Answers0