Menu
I am interested in the security aspect of the Firebase .plist configuration file that is given to you during configuration. This file counties sensitive information.
Should this file be protected? Because in the examples this file located in root of the project and could be easily taken from .ipa files.
Example of the GoogleService-Info.plist file:
373
Anyone can access a . plist file. But if is hard coded in a class is much more secure, use the second option. Nothing is 100% secure, but hard-coded in a class if someone want to access this value, the work is more hard.
None of the values in the GoogleService-Info. plist or google-services. json file are secrets, they are all identifiers that can be included in your app without concern. Some teams choose to keep them in version control while others store them elsewhere, that's a personal choice and the end result is the same.
Once downloaded, place the file in the root of your iOS app at ios/[YOUR APP NAME]/GoogleService-Info. plist . Make sure that the GoogleService-Info. plist file has been added to your project within XCode.
The information you're showing in your screenshot is not secret at all. In fact: values like the database URL, the project's API key and the project ID are necessary for the app to be able to find its Firebase project on Google's servers.
Also see:
52
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
