FirePush

Consider adding a warning

Open zunjae opened this issue 6 years ago • 2 comments

Hi there

Could you consider adding a fair warning that including this library in a client application is highly insecure and should not be done unless the developer is 100% sure the .apk can't fall into the wrong hands? Even with encryption, obfuscation or whatever, the Firebase secret token can be captured through an injected debugger or simply by intercepting the outgoing call.

zunjae, Jun 17 '19 07:06

Hello @zunjae, thanks for showing interest. Could you please tell me if there is any way to make it secure?

karanatwal, Jun 21 '19 15:06

No

If Google can't even secure it then no one can. The Firebase token should only be used server-side, not client-side.

zunjae, Jun 22 '19 11:06
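The server-side placement recommended in the last comment, sketched as an added example (not code from this thread or from FirePush): a small relay keeps the Firebase key in its own environment, authenticates the app's user, and restricts what may be sent. The legacy FCM HTTP endpoint, the `FCM_SERVER_KEY` variable name, the session table and the topic allowlist are assumptions made for illustration.

```python
import json
import os
import urllib.request

# Assumption: the legacy FCM HTTP endpoint, authenticated with "key=<server key>".
FCM_URL = "https://fcm.googleapis.com/fcm/send"

# Constructed sample data; a real relay would use its own auth system and policy.
SESSIONS = {"session-alice": "alice"}
ALLOWED_TOPICS = {"news", "support"}


def load_server_key():
    # The key exists only in the server's environment, never inside the .apk.
    return os.environ["FCM_SERVER_KEY"]  # hypothetical variable name


def build_push(session_token, topic, title, body, server_key):
    """Validate a client request and build the outgoing FCM request."""
    user = SESSIONS.get(session_token)
    if user is None:
        raise PermissionError("unknown session")
    if topic not in ALLOWED_TOPICS:
        raise ValueError("topic not allowed")
    if not title or len(title) > 100 or len(body) > 1000:
        raise ValueError("bad message size")
    payload = {
        "to": f"/topics/{topic}",
        "notification": {"title": title, "body": body},
        "data": {"sender": user},  # sender is set by the server, not the client
    }
    return urllib.request.Request(
        FCM_URL,
        data=json.dumps(payload).encode(),
        headers={
            "Authorization": f"key={server_key}",
            "Content-Type": "application/json",
        },
        method="POST",
    )


def relay(session_token, topic, title, body):
    """Send the push; the app only ever sees a status, never the key."""
    req = build_push(session_token, topic, title, body, load_server_key())
    with urllib.request.urlopen(req, timeout=10) as resp:
        return {"sent": resp.status == 200}
```

The app talks to `relay` with its own session token, so a debugger or proxy on the device sees only that token and the relay's status response.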