Reputation: 31
Unknown user in my firebase user authentication (Flutter/firebase)
I developed an app to test the google login feature using flutter and google authentication. The project is a closed project and only I have access to it. But recently I saw that there was a google sign in from an unknown Email ID. How did the user login without the build of my app? Has my account been hacked? What is going on?
Upvotes: 3
Views: 830
Answers (2)
Reputation: 425
To anyone still wondering about this:
If you provide a native google sign in and the registered email adresses look like this:
they are probably test accounts used to generate Google Plays Pre-Launch reports. You can read about it in the Play Console Help here.
If your app has a sign-in screen and you want the crawler to test the sign-in process or the content behind it, you need to provide account credentials.
Note that you do not need to provide credentials if your app supports "Sign-in with Google,” which enables the crawler to log in automatically.
Upvotes: 3
Reputation: 207
Anyone with knowledge of your project's API Keys can access your Firebase Project using simple CURL Commands.
This is why it's a good idea to add restriction to those API Keys
In case you haven't, go to https://console.cloud.google.com and
- Select your project
- Click the menu icon at the top left (hamburger icon)
- Go to API & Services and then credentials
You can view the APIs for your Google Cloud Project (linked to your Firebase Project) and then set restrictions for the API keys, refresh them or restrict access to specific platforms like Android or iOS.
You can also set restrictions on which components of Firebase the API key is allowed to access. For example, if your project doesn't require the use of Cloud Firestore, you can ensure that the API Key cannot be used to make calls to the Firestore Database
All said and done, I would still recommend that you shoot a mail to the Firebase Support team at https://firebase.google.com/support/troubleshooter/contact
Upvotes: 1
Related Questions
- flutter firebase authentication FirebaseUser problem
- Flutter - Firebase Google authentication
- Flutter Firebase login error but still being logged in?
- Flutter Firebase - failing to properly delete a Google authenticated user
- Flutter Firebase authentication - new anonymous user generated following sign-out and sign-in
- Firebase Login: User can login with wrong credentials
- Issue with 'FirebaseUser' Future
- Flutter google sign in only when user exist in firebase?
- How to solve ERROR_USER_NOT_FOUND
- usernames in google auth flutter