How can we deliver a Flutter / Firebase App and make sure the Dev Team has no access to the Client Data requiring no Manual Setting in Firebase?
Setting up individual Firebase account does not seem to work, as it may be quite time consuming and expensive
Related
How to get the count of Authentications in firebase console by using flutter for example:
1000 users are authenticated to my app. i can see the users who are authenticated to my application through firebase console.But I need to get the count of authentications (1000) in my flutter admin applications.
Now i'm getting the authentication count with the help of cloud firestore by simply create the collection and inside the document i'm incrementing the count of integer whenever the new user sign in.
Is there any way to do it without the help of cloud firestore.Kindly help me to solve this issue.
Thanks in advance..
As Dharmaraj commented, you get get a list of all users from the Firebase Admin SDK. This SDK cannot be used directly in your Flutter app though, and is meant to be used only in trusted environments. I also don't think it's the best fit for your use-case, as listing all users is going to slow down as you add more users to your app.
Keeping a count of what you want to show in the database (as you already seem to be doing) is probably the right approach here, as it amortizes the cost of maintaining the counter over the user actions, makes the reads trivial, and allows you to track exactly the count of actions that fits with your use-case.
In my app users can read and write data on Firestore.
In the Firestore Database there Is also a "Credit" document for each user where the balance of coins Is stored.
How can I be sure that no One could modify an APK of the app in order to change the balance?
In the app there are some functions that remove some coins from the balance, my fear Is that someone could change the code and add coins instead.
assuming that your app implements firebase authentication to authenticate operations on firestore it's safe to say that your app is compiled with a key and it has an hash.. it's not possible to someone to decompile the app, change the code and recompile it with your key.. so the new "hacked" app will have a different key and hash and firebase authentication will not work and your db will be safe
I think you need to secure the data itself. In your scenario I don't think you can have code in the app that simply writes a value to the balance. You need to create a separate API or firebase function to secure what you are trying to do.
If you want to ensure that only your application code can call Firestore, consider enabling Firebase App Check.
Just keep in mind that:
Using App Check does not guarantee the elimination of all abuse
So you'll want to combine it with other security measures, for example through the server-side security rules that Firebase also offers for Firestore.
Also see:
Locking down Firebase DB access to specific apps
How to allow only my app to access firebase without a login?
I am looking for examples/tutorials or an explanation of how I can use my app that has both Firebase Authentication and the Firestore cloud database. I think I understand how to setup offline persistence with the Firestore db, and I think that means that data will be persisted while my app is running and should connection be lost.
What if a user jumps on a a plane with zero connection and wants to run my app and is first presented with the login screen for Authentication. Can you point to an example or tutorial on the best way to setup this so that the app can still run from the beginning with no connectivity and then be able to authenticate and put the data in the Firestore cloud database when connectivity is gained?
Thank you.
According to the official Firebase documentation:
If your app uses Firebase Authentication, the Firebase Realtime
Database client persists the user's authentication token across app
restarts. If the auth token expires while your app is offline, the
client pauses write operations until your app re-authenticates the
user, otherwise the write operations might fail due to security rules.
EDIT:
You can achieve that with Cloud Firestore by enabling offline persistence:
Cloud Firestore supports offline data persistence. This feature caches
a copy of the Cloud Firestore data that your app is actively using, so
your app can access the data when the device is offline. You can
write, read, listen to, and query the cached data. When the device
comes back online, Cloud Firestore synchronizes any local changes made
by your app to the Cloud Firestore backend.
Note that you won't need to make any changes to the code that you use to access Cloud Firestore data.
Here you can see some examples for configuring the offline persistence.
My flutter app is using refresh and access tokens to validate requests to a c# web API. This works perfectly. However, as soon as I introduced android_alarm_manager to do some background syncing of data (using isolates), I found that my refresh tokens were becoming invalid after a while (I store my refresh tokens in local storage).
This is due to multiple isolates requesting a new access token simultaneously (as I cannot lock the method due to isolates not sharing memory). Now I am not sure what the best approach would be to keep the tokens in sync.
I was thinking that each isolate could have its own refresh and access token but that doesn't seem like a good idea as I would have to store the username and password locally. Another idea I had was to setup some syncing strategy between the isolates using isolate communication or local storage, but feels like overkill.
Thanks
Take a look at the Flutter Geofencing sample:
Repo: https://github.com/bkonyi/FlutterGeofencing/tree/master/lib/src
Article: https://medium.com/flutter/executing-dart-in-the-background-with-flutter-plugins-and-geofencing-2b3e40a1a124
It uses SendPorts to communicate across isolates which sounds like what you need:
https://api.flutter.dev/flutter/dart-ui/IsolateNameServer-class.html
You could then update the token in any isolate and send it via a SendPort to all isolates to keep it in sync.
I am planning to use Firebase as my backend service for the mobile application. As part of the functionality, I need to get the data from external rest API which returns JSON data. I need to update the data periodically so that I can have updated information.
I have an option to call the rest API and update firebase on the mobile application however it is not the right approach. I prefer to keep this logic on the backend service.
Is there a way to use Firebase cloud function to periodically update firebase database from external Rest API?
#Ioki, I assume what you are trying to do is make a mobile app which gets updated data every time a user goes to the app but you want this to be on the backend. I haven't tried it but you might want to use Node js with their Firebase Admin SDK.
See the link: https://firebase.google.com/docs/admin/setup
Although I think it might make more sense to use the real-time database via the iOS/ Android SDK because automatic/ value event updates are basically the purpose of the real- time database. Good luck! :)