1

I am wondering, when you create a mobile app to connect it with firebase backend services it is necessary to include information of the firebase project in the source code of the app.

I'm concerned about having the http address of my firebase project in the source code of the app, in case there's a reverse engineering attack one could get that http address.

Is there any way to hide or encrypt this kind of information? (i've read about obfucasting the code but people say it won't solve the issue) or alternatively, is there any way to connect a mobile app with firebase without including the http address directly in the source code?

Daniel Olmos
  • 19
  • 1
  • 3
  • Any encoding you do, will be to be decoded in your application code - and thus can also be reversed by a malicious user. See the question I linked for more on how to think of this configuration data, and how you *can* secure your actual user data. – Frank van Puffelen Feb 08 '21 at 23:48

0 Answers0