stackoom
  简体   繁体   中英

APK Reverse engineering Firebase information reading problem?

 原文  2020-06-12 06:31:16       android/ firebase

Question

I created a simple messaging app for Android. I worked a bit on reverse engineering issues to test application security. When I analyze my application with reverse engineering, Firebase project ID, App ID and API Key can be easily read. Can attackers access the database with this information?

1 answers

solution1
 0  2020-06-12 06:34:43

Yes, they can.

You should use security rules in tandem with Firebase Authentication to protect the database in order to determine who exactly can read and write the database.

Since you didn't say which database you're using, you can read about security rules for bothFirestore and Realtime Database to determine what you need to do.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Is it possible to hack an app by reverse engineering the apk? anti-reverse engineering on android apk Hide res folder in apk reverse engineering Reverse engineering from an APK file to a project How to avoid reverse engineering of an APK file How to prevent reverse engineering of an Android APK file to secure code? How to prevent reverse engineering apk to get server login? How to avoid reverse engineering of an APK assets folder resources items file? How successful is reverse engineering of an APK created using Xamarin? Need some information about reverse engineering and decompile (android app - jdk)
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM