Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is it necessary to encrypt chat messages before storing it into firebase?

As far as I know, Firebase sends data over an HTTPS connection, so that the data is already being encrypted. Although Firebase provides security rules to protect my data structure, I can still be able to see the string messages in the database.

I'm just curious whether it is a good idea to encrypt messages before pushing the data to Firebase or not. Should I just move on from this topic to something else?

Thank you.

like image 787
JeffMinsungKim Avatar asked Dec 16 '17 11:12

JeffMinsungKim


People also ask

Is firebase chat encrypted?

Firebase services encrypt data in transit using HTTPS and logically isolate customer data. In addition, several Firebase services also encrypt their data at rest: Cloud Firestore. Cloud Functions for Firebase.

Why do we need to encrypt messages?

Encryption enhances the security of a message or file by scrambling the content. To encrypt a message, you need the right key, and you need the right key to decrypt it as well.It is the most effective way to hide communication via encoded information where the sender and the recipient hold the key to decipher data.

Does firebase have end to end encryption?

You can now add End-to-End Encryption (E2EE) to your Firebase project: build a secure WhatsApp-like chat app, protect your users' profile data, health records, social photos–anything and everything! While End-to-End Encryption may sound like smoke and mirrors, it's super-simple.


1 Answers

You seem to have a good grasp of how Firebase Database works: the data is encrypted in transit, and it is stored on encrypted disks on the servers. If you enable local persistence on the device, the on device data is not encrypted.

But administrators of the app can see the data in the Firebase console. If it is a requirement of your app that administrators can't read this data, then you'll need to encrypt it on the client before sending it to Firebase. A while ago a developer explained their end-to-end encrypted chat on the firebase-talk mailing list.

like image 127
Frank van Puffelen Avatar answered Sep 19 '22 02:09

Frank van Puffelen