Unknown user in my firebase user authentication (Flutter/firebase)

firebase flutter firebase-authentication google-signin
405

Solution 1

Anyone with knowledge of your project's API Keys can access your Firebase Project using simple CURL Commands.

This is why it's a good idea to add restriction to those API Keys

In case you haven't, go to https://console.cloud.google.com and

  1. Select your project
  2. Click the menu icon at the top left (hamburger icon)
  3. Go to API & Services and then credentials

You can view the APIs for your Google Cloud Project (linked to your Firebase Project) and then set restrictions for the API keys, refresh them or restrict access to specific platforms like Android or iOS.

You can also set restrictions on which components of Firebase the API key is allowed to access. For example, if your project doesn't require the use of Cloud Firestore, you can ensure that the API Key cannot be used to make calls to the Firestore Database

All said and done, I would still recommend that you shoot a mail to the Firebase Support team at https://firebase.google.com/support/troubleshooter/contact

Solution 2

To anyone still wondering about this:

If you provide a native google sign in and the registered email adresses look like this:

they are probably test accounts used to generate Google Plays Pre-Launch reports. You can read about it in the Play Console Help here.

If your app has a sign-in screen and you want the crawler to test the sign-in process or the content behind it, you need to provide account credentials.

Note that you do not need to provide credentials if your app supports "Sign-in with Google,” which enables the crawler to log in automatically.

Share:
405
Casual Witcher
Author by

Casual Witcher

Updated on December 21, 2022

Comments

  • Casual Witcher
    Casual Witcher over 1 year

    I developed an app to test the google login feature using flutter and google authentication. The project is a closed project and only I have access to it. But recently I saw that there was a google sign in from an unknown Email ID. How did the user login without the build of my app? Has my account been hacked? What is going on?

    • CoderUni
      CoderUni almost 4 years
      I dont think you got hacked. Just delete him. If you really want to change your password you can.
    • Damandroid
      Damandroid over 3 years
      I just faced the same problem. I actully had like 56 Unknown email addresses registered under the "user' tab under Authentication heading in my firebase console. Anyone knows why or how this can happen?
    • kpvsrkp
      kpvsrkp over 3 years
      I am also facing the same issue. Please help if any update in this regard.
    • to_sam
      to_sam over 3 years
      Same here. Any news on this?
  • Hari Aditya
    Hari Aditya over 2 years
    Firebase has released a feature titled 'Firebase AppCheck'. This is something you should definitely have a look at since it addresses this exact issue. firebase.google.com/docs/app-check

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Flutter Google Sign and Phone Auth error after publishing the app com.google.android.gms.common.api.b 10
When I open my flutter app it always shows SignIn screen for few seconds, even if I already signed In in my last session. And after that Main page
I am new to flutter web, how to authenticate users using firebase phone authentication, is there a way to keep user logged in?
How to avoid hardcoding REVERSED_CLIENT_ID into iOS Info.plist for dev/prod Google sign in?
Flutter Authentication sign in & sign out with Google from logged screen to login screen
Flutter Firebase Auth / Google_sign_in fail to login with statuscode=CANCELED
Flutter multidex problem With FirebaseAuth , Firestore and Google Sign in
Access Google Sign-In username globally
"Browser or app may not be secure. Try using a different browser." error with Flutter Firebase Google Login
Why Firebase email verification not working with Gmail accounts?