request: Add documentation how to use FlutterFire packages the old way without this tool

[kinex]

Is there an existing feature request for this?

• [X] I have searched the existing issues.

Command

No response

Description

Please add documentation how to continue using FlutterFire without this tool i.e. the old way. There are several unclear items like do I need to put something to .gradle files in this case.

Reasoning

I don't want to use this tool in my project. There were not any issues in the old way of downloading manually the required config files from Firebase and updating the files when needed (which is very rarely actually). This tool only adds complexity to my project and I will consider it also as a security risk.

Detected problems:

• The new generated files firebase_options.dart and firebase_app_id_file.json are not useful at least in Android / iOS projects. The same information is already available in the files google-services.json (Android) and GoogleService-Info.plist (iOS) which you cannot remove anyway, because at least Crashlytics and the plugin google_sign_in require them. I would bet at least 95% of the Flutter/Firebase apps use both Crashlytics and the plugin google_sign_in.

• Flavors are not supported and maintaining existing flavor implementation gets even more complex (due to the new required file firebase_app_id_file.json in the fixed location).

• It is much more clear and easier to maintain the project if the required information is in one place / platfrom i.e. google-services.json (Android) and GoogleService-Info.plist (iOS) and the application is initialized with await Firebase.initializeApp() without any parameters.

• The tool seems to create applications to Firebase without even confirming it from the user. This already happened to me when I tried the tool for the first time (the tool did not recognize the correct package id / bundle id from my project so it decided to add new applications to Firebase without any questions). Luckily it was only my Development project in Firebase. I don't want this kind of tool connecting to my production project in Firebase, not even with read access. That's why I say this tool is currently a security risk as the tool can even modify my Firebase projects. It is also unclear what it exactly does and when, and all this can be changed at any time when you update the tool.

Additional context and comments

Maybe the tool is useful for new developers trying Flutter/Firebase and to get started quickly, but for real-world production apps the tool it is currently only a new problem and a security risk.

I could consider using this tool again if you:

• Totally remove need for google-services.json and GoogleService-Info.plist, but I am not sure if it is technically possible.
• Allow using the tool in read-only mode (quaranteed that it does not modify any Firebase projects), or even offline.