Vincent

Reputation: 43

I'm developing an Android app and using Firebase as my backend.

By using Firebase, all my logic will be inside the client app. So if someone got my source code by reverse engineering the Android app, then he/she can easily change the Firebase references (node names) and can change things of other users, and that's not a good thing at all.

My app uses phone authentication to authenticate users, but the hacker can change the reference and then authenticate himself using his phone number, and then he is good to go altering someone else's account.

So how to prevent that?

Upvotes: 0

Views: 1257

Answers (2)

Thomas

Reputation: 481

If I understand you right, you are using Firebase database. You should read how Firebase security rules work. It is possible to let a user only access and modify his own data if the user is authenticated via one of Firebase auth's methods (you mentioned phone auth). As you haven't provided example code, I can't give you a concrete usage, but you can find many examples in the Firebase docs about "Securing user data".

If you do it like this, it doesn't matter what a "hacker" would do as he needs to authenticate with another user's number first. (=impossible)

Upvotes: 2
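A sketch of the kind of Realtime Database rules the answer above refers to, added here as an illustration and not part of the answer or the asker's project. The `/users/<uid>` layout and the `phone` and `displayName` fields are assumptions made for the example.

```json
{
  "rules": {
    // Assumed layout: /users/<uid>/... (node and field names are hypothetical).
    // No ".read"/".write" at the root, so any path not granted below is denied.
    "users": {
      "$uid": {
        // Only the signed-in owner of this node may read or write it.
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid",
        "phone": {
          // The stored number must equal the one verified by phone auth.
          ".validate": "newData.isString() && newData.val() === auth.token.phone_number"
        },
        "displayName": {
          ".validate": "newData.isString() && newData.val().length <= 50"
        },
        // Reject any child that is not listed above.
        "$other": { ".validate": false }
      }
    }
  }
}
```

These rules are evaluated on Firebase's servers against the caller's verified `auth.uid`, so a client that has been decompiled and pointed at another user's node still gets a permission-denied response.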

Farmaan Elahi

Reputation: 1650

Just use ProGuard to obfuscate your code. You can find more on this link

Upvotes: 0
