Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Firebase .plist configuration file and security

I am interested in the security aspect of the Firebase .plist configuration file that is given to you during configuration. This file counties sensitive information.

Should this file be protected? Because in the examples this file located in root of the project and could be easily taken from .ipa files.

Example of the GoogleService-Info.plist file:

enter image description here

like image 373
Oleg Gordiichuk Avatar asked Jan 16 '17 15:01

Oleg Gordiichuk


People also ask

Is plist secure?

Anyone can access a . plist file. But if is hard coded in a class is much more secure, use the second option. Nothing is 100% secure, but hard-coded in a class if someone want to access this value, the work is more hard.

Is GoogleService-info plist secret?

None of the values in the GoogleService-Info. plist or google-services. json file are secrets, they are all identifiers that can be included in your app without concern. Some teams choose to keep them in version control while others store them elsewhere, that's a personal choice and the end result is the same.

Where do I put GoogleService-info plist react native?

Once downloaded, place the file in the root of your iOS app at ios/[YOUR APP NAME]/GoogleService-Info. plist . Make sure that the GoogleService-Info. plist file has been added to your project within XCode.


1 Answers

The information you're showing in your screenshot is not secret at all. In fact: values like the database URL, the project's API key and the project ID are necessary for the app to be able to find its Firebase project on Google's servers.

Also see:

  • Is it safe to expose Firebase apiKey to the public?
  • How to prevent other access to my firebase
  • this question on the #AskFirebase show
  • Firebase Database security rules
like image 52
Frank van Puffelen Avatar answered Sep 19 '22 20:09

Frank van Puffelen