How to enable access of firestore data to my nativescript app only?

Question

I am developing android/ios app using Nativesript + angular. I want to display a ListView in my app. For that ListView, I want to use firestore database product by Firebase as Backend data provider. What I want: 1. I don't want users to login or to be authenticated to use the app. 2. I want the data coming from firebase database can only be used by my app. If some other apps or anonymous utilizes the data, is there any way I can block them?

I have tried putting rules like

service cloud.firestore {
  match /databases/{database}/documents {
    match /{document=**} {
      allow read: if true;
    }
  }
}

But it allows everyone to access the data.

Is there any other data provider which gives the same functionality?

Answer 1

Update (May 2021):

Thanks to the new feature called Firebase App Check, it is now actually possible to limit calls to Callable Cloud Functions to only those coming from iOS, Android and Web apps that are registered in your Firebase project.

You'll typically want to combine this with the user authentication based security that I described earlier/below, so that you have another shield against abusive users that do use your app.

It is still typically recommend to control access based on authenticating a user (allowing you to identify each individual user), and then ensuring they can only access data they're authorized for (in security rules).

If you don't want your users to have to sign in, you can use anonymous authentication. While this doesn't give you any information about the user, you can still identify them in security rules and thus limit their access based on what they've done.

By combining App Check with security rules, you have both broad protection and fine-grained control over what data everyone can access.