Ravi Ranjan
Reputation: 19
Exposed Firebase Cloud Messaging Server Keys
I had used fcm to send notification in my app using api.after some days google send this and removed my app from play store.please help me.
I have tried everywhere not getting exact answer.
Upvotes: 2
Views: 387
Answers (1)
flutroid
Reputation: 1396
Put FCM Key in untrusted environment is a security issue, Any hackers are possible to send message to any user by using FCM key.
FCM key shouldn't exists in your public app like downloaded to your instance, Store in local storage, Hardcode inside application etc.
FCM key should only exists in trusted environment like your server, cloud functions etc.
You can also see this Do I need to protect my firebase Server Key?.
Upvotes: 2
Related Questions
- Firebase messaging, where to get Server Key?
- Firebase Cloud Messaging API (V1): Server Key missing
- Firebase Cloud Messaging Token
- Firebase Cloud Messaging where to find PUBLIC VAPID KEY
- Firebase Cloud Messaging different keys
- Firebase Cloud Messaging Notification Key Name
- Firebase Cloud Messaging replaced the server keys with Tokens for sending notifications/messages
- Firebase Cloud Messaging API Key
- Manage server keys in Firebase Cloud Messaging
- Firebase Cloud Messaging No Server Key