I am planning to switch to Firebase as my local and online database for my Android app. As per the docs, Firebase stores changes to the local database first and then pushed it to the online DB when network is available.
In my app, I would be putting some really sensitive data about the user in the database. So here are my questions,
How secure is the local Firebase database?
How difficult is it for a well-intentioned hacker with the right tools to hack it?
Is it just a simple JSON file like the online database, which anyone with root access can open?
Thanks.
As a default Firebase database has no security, it's the development team's responsibility to correctly secure the database prior to it storing real data. In Google Firebase, this is done by requiring authentication and implementing rule-based authorization for each database table.
Is it possible to update a Firebase db without the whole secure key and things.. using a browser may be? but is it possible to Get API key from an Apk? Short Answer : Yes, But it will be hard than a website.
The Firebase Realtime Database synchronizes and stores a local copy of the data for active listeners. In addition, you can keep specific locations in sync. The Firebase Realtime Database client automatically downloads the data at these locations and keeps it in sync even if the reference has no active listeners.
The answer is anyone. Firebase doesn't require an SQL user or anything, just connect. Use firebase security rules, validation rules, and functions, to guarantee data consistency.
In a general sense, Firebase Realtime Database can be used while offline. However, the expectation is that the app is supposed to be connected most of the time, and changes to the database that happen while offline will be synchronized when it has connectivity. 100% offline use is not really a supported use case, because the canonical data store is on the server.
The local copy of the database is limited to (10MB, at least on Android this is the case). If you intend to write to the database beyond this limit while offline, it will evict part of your cached data to make room for whatever you’re adding. Then, you will no longer be able to read those evicted values until the app goes back online. Worse, managing a growing list of writes to apply when back online is taxing on the app, so you don’t want to plan a lot of writes while offline.
Also, if you have permissions or validations defined for your database, these can only be checked on the server. So, if you’re doing offline writing to your local cache and you no longer have an active listener, you may never know if those writes fail.
Because of these caveats, it’s better not to think of Firebase Realtime Database as an “offline” database. It’s better to think of it as a “synchronized” database that actively syncs to the server while connectivity is present.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With