i am building a chat android app that allows users to chat where users can create account and use all the features. It's about to be completed but there's a problem, actually a question.
Is firebase on android safe ?
In my firebase database, i have created a rule as follow:
{ "rules": { ".read": "auth != null", ".write": "auth != null" } } Now, this rule will reject any non authenticated users from accessing the data and pushing data or deleting any of it. But, when user creates an account on my chat app, he/she will be authenticated and my app will allow to make modifications. What if they reversed engineered the app and changed some of the codes and pushed invalid datas or removed some of the values from database coz they are already authenticated ?? How can i prevent that ?
When user creates account in my app i use:
auth.createUserWithEmailAndPassword(email, password) .addOnCompleteListener(RegisterActivity.this, new OnCompleteListener<AuthResult>() { This will create a new chat user for the app. So, user is creating his/her own account and they know the credentials and everything. I am so confused, how can i prevent them from editing my codes ?
proguardstackoverflow.com/questions/18259632/should-i-use-proguard. As for the other question you may start from here: stackoverflow.com/questions/38345085/… and here: stackoverflow.com/questions/48862359/…