Rosário Fernandes

Firebase Developer Relations at Google

Talk Title

google-services.json file – to commit or not to commit? That’s the question






16:00 > 40 min


on Twitter

When following the recommended option to add Firebase to your Android app, the Firebase Console tells you to download a file named "google-services.json" (which contains API Keys from your Firebase Project) and add it to your app directory. And that makes you wonder: how sensitive are those keys? Should I encrypt it before shipping it with my app? Can I commit it to version control? Is my project going to be publicly exposed and vulnerable?
In this talk, Rosário will be answering these questions and will provide a comprehensive security checklist for Android developers to make sure that their app is not unintentionally exposing their Firebase project.
Expect to come out of the session with a better understanding of the importance of Firebase’s Security Rules, Firebase App Check and Firebase Auth. Oh, and the answer to the question on the session title, of course.

Speaker Bio

Rosário P. Fernandes is a Developer Relations Engineer on the Firebase Team, mainly focused on helping developers integrate Firebase into their Android App Development workflows. He’s originally from Mozambique, but is now based in London, UK. Rosário has been using Firebase since 2016 and has also contributed lots of improvements to its codebase. In his free-time, he enjoys playing chess, reading comic books and watching movies.