Is it secure to call Firestore from Flutter mobile apps?

It's standard practice to write database queries directly into the app. That's exactly what you're supposed to do with the Firebase SDKs on all mobile app platforms.

You should also assume that any code you ship to end users might be reverse engineered and compromised in some way. It's not common, but it's very possible.

What you'll need to do is use Firebase Authentication along with Firestore security rules to protect your data at the server, so that users can only do what you say they can do. You will need to design rules that implement exactly what you want to protect.

It's impossible to say for certain if security rules are sufficient for your use case, since you haven't stated exactly what your requirements are. If they are not sufficient, you will have to offload some work to a backend you control, and it will have to check for whatever you want to allow.

Author: Amanda Wong

Updated on December 07, 2022
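
A sketch of the server-side rules the answer refers to, showing a weak rule next to a restrictive one. This is an added example, not part of the original answer; the `notes` collection, its `ownerId`, `title` and `body` fields, and the `signedIn()` helper are assumed names.

```firestore-rules
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // WEAK (do not deploy): any signed-in user may read or overwrite any
    // document, so a modified client can touch other users' data.
    //   match /{document=**} {
    //     allow read, write: if request.auth != null;
    //   }

    // Assumed helper: true when the request carries a Firebase Auth token.
    function signedIn() {
      return request.auth != null;
    }

    // Assumed collection "notes"; each document has ownerId, title, body.
    match /notes/{noteId} {
      // Only the owner recorded in the stored document may read it.
      allow read: if signedIn()
        && resource.data.ownerId == request.auth.uid;

      // On create, the server rejects a forged ownerId, extra fields,
      // and a non-string or oversized title, whatever the client sends.
      allow create: if signedIn()
        && request.resource.data.ownerId == request.auth.uid
        && request.resource.data.keys().hasOnly(['ownerId', 'title', 'body'])
        && request.resource.data.title is string
        && request.resource.data.title.size() <= 200;

      // On update, only title and body may change; ownerId is immutable.
      allow update: if signedIn()
        && resource.data.ownerId == request.auth.uid
        && request.resource.data.diff(resource.data).affectedKeys()
             .hasOnly(['title', 'body'])
        && request.resource.data.title is string
        && request.resource.data.title.size() <= 200;

      allow delete: if signedIn()
        && resource.data.ownerId == request.auth.uid;
    }
  }
}
```

Rules are not filters: a list query against `notes` must itself filter on `ownerId` equal to the caller's uid, otherwise the whole query is rejected.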

Comments

  • Amanda Wong over 1 year

    I am new to Flutter's framework. I am coding a mobile application that connects to Firestore. I would like to ask how secure it is to simply code Firestore/Firebase database logic into our Flutter application. Is there any possibility that the user can alter the logic in the mobile app build itself and take control of what's being sent to Firestore/Firebase? Also, is it sufficient to protect my database with just Firestore/Firebase's DB rules?

  • Amanda Wong over 5 years
    Thanks for the fast response!