I have a security issue with Firebase.
I want all users to be able to update their data in a Firebase database from a flutter app but only after some app verification, payment for example. so I don't want them to be able to write data except through the app process and I have no idea how to separate the app user who has the right after verification and the one who doesn't and just knows the address of the database.
To summarize, how can I be sure a request is from the flutter app and only grant access if it's the case ?
Related
I have two apps and using same firebase project for both the apps , and i want to check if the user logged in through the first app , then if he open the second app for the first time get the data if the current user is logged is or not with the same email. Is it possible to check this through firebase or i have to do it locally .
I am bit confused about firebase security rules. Do we need to write firebase security rules only for websites or should we write it for mobile apps also. I am trying to build a mobile app. Do I need to use firebase security rules (firebase is my backend) for my mobile app or is firebase security rules only for websites and is not required to write it for my mobile app. Please clear my confusion.
Security rules save your data from being Update/Read/Write/Delete by unauthorized user, they are not web or app specific they are globally applied on you database (Firestore or Real Time Database) and Firebase Storage).
for more please check https://firebase.google.com/docs/rules/
I have a flutter app and I use flutter secure storage.
I am implementing FCM ( Firebase Cloud Messaging ) push notifications in the application.
I have a main screen where, after the user logged in I, check if the user is using the app for the first time or if the app was uninstalled.
I do this check by a key from secure storage, if the value of the key is null then I assume that the user is using for the first time the app. So if it is for the first time I insert in the databse the token received from firebase.
The question: Is this approach valid for the case when the app was uninstalled or the storage cleared? Normally if the user uninstalled the application and after a while he install the app again the storage should be cleared and that key should be null, right?
Thank you!
This approach is valid however not is the best solution because if the app is unistalled you lost the key, the best approache is save the unique device id in your own backend and check this value when the app start. (You can use this flutter package https://pub.dev/packages/flutter_udid).
If you don't want use a package, you check if one user is created or no, if the user has been created in your backend not is the first time.
I figure out an idea to get device id using platform_device_id and store it on web when the user uninstall app and reinstall again i will know user old usage
I'm just new to flutter, is there a way to authenticate the user to only log in to one device at the same time without using firebase? I'm doing my research and all I'm seeing is they using firebase. My backend is Go.
I build an application similar to the chat applications, the user signup via the phone number using the Firebase Auth.
How I can create a list of the contacts stored by the user in their phone that is signed up in the application, such as those in the WhatsApp application.
How to fetch the phone contacts is already answered here Fetching contacts in flutter
Now you need think of your own way how you would create a list of those contacts which are also using the app. One option would be to make a query to your database for each phone number of the devices contact list and if its in the database you know this contact is also signed up, so you can add it to your list.