Reputation: 406
I am developing an Ionic application. My app is almost done; I just have to fix some bugs, but I have security concerns. I do not have a server-side application; everything is inside the Ionic app itself.
Since I have database calls, writes and edits, how secure is my application? Is it possible that someone could reverse engineer the APK, change some Firebase code and completely ruin my database and application? How does this work, and how can I secure my application?
Also, which rules should I apply in Firebase? Currently I have the default testing rules:
    rules_version = '2';
    service cloud.firestore {
      match /databases/{database}/documents {
        match /{document=**} {
          allow read, write: if true;
        }
      }
    }
I am new to Firebase and I don't quite understand the rules. I have two collections, users and matches, and I want a specific user to only write and read from the user document which is his (has his id) and read and write to every document inside matches that contains his id inside.
Upvotes: 0
Views: 115
Reputation: 317758
> Since I have database calls and writes and edits how secure is my application?
It's not secure at all.
> Is it possible that someone could reverse engineer the apk, change some firebase code and completely ruin my database and application?
With the security rules you show here, that is very possible. Your database allows full read and write access to anyone with an internet connection.
There's not enough information in your question to say exactly what you need to do. I strongly suggest first reviewing the documentation for security rules, and learning how to apply rules for your specific case. If you are having problems with specific code and rules, please post a question that shows the combination of client code and security rules that aren't working the way you expect.
Upvotes: 2
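One possible rule set for the access pattern described in the question, as an added example that is not part of the original question or answer. It assumes clients sign in with Firebase Authentication, that each users document ID equals the owner's Auth uid, and that each matches document has a hypothetical array field named players listing the uids allowed to access it.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // True only when the request carries a Firebase Authentication token.
    function signedIn() {
      return request.auth != null;
    }

    // users/{userId}: only the owner may read or write.
    // Assumption: the document ID is the owner's Firebase Auth uid.
    match /users/{userId} {
      allow read, write: if signedIn() && request.auth.uid == userId;
    }

    // matches/{matchId}
    // Assumption: "players" is a hypothetical array field of uids.
    match /matches/{matchId} {
      // get and list: the caller must appear in the stored players array.
      allow read: if signedIn()
        && request.auth.uid in resource.data.players;

      // create: the caller must list themselves in the new document.
      allow create: if signedIn()
        && request.auth.uid in request.resource.data.players;

      // update: the caller must already be a player, and the players
      // array may not change, so nobody can add or remove participants.
      allow update: if signedIn()
        && request.auth.uid in resource.data.players
        && request.resource.data.players == resource.data.players;

      // delete: restricted to existing players.
      allow delete: if signedIn()
        && request.auth.uid in resource.data.players;
    }

    // No catch-all match: any other path is denied by default.
  }
}
```

Security rules are not filters, so a client query that lists matches has to constrain on the same field the rule checks, otherwise the whole query is rejected.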