When following the recommended option to add Firebase to your Android app, the Firebase Console tells you to download a file named “google-services.json” (which contains API Keys from your Firebase Project) and add it to your app directory. And that makes you wonder: how sensitive are those keys? Should I encrypt it before shipping it with my app? Can I commit it to version control? Is my project going to be publicly exposed and vulnerable?
In this talk, Rosário will be answering these questions and will provide a comprehensive security checklist for Android developers to make sure that their app is not unintentionally exposing their Firebase project.
Expect to come out of the session with a better understanding of the importance of Firebase’s Security Rules, Firebase App Check and Firebase Auth. Oh, and the answer to the question on the session title, of course.