Firebase help needed

can someone teach me how to make it so only the app can access firebase without me making read and write in firebase rules public? because i dont want people to just go to the database and change whatever value they want

Your query seems to be different.
In first part you asked app to read it automatically
In second part public do not rea and write..

Cont understand the logic.

i just want to make it so only the app can access the database while other people cannot

App mean those who are using the app they are all consider as app only..

If you add only your app in the FB console, then technically only your app (all the users of your app as @Spicy_Topics mentioned) can access the data.
But ... some people can find a workaround :wink:

1 Like

There are probably many different ways to achieve this. Here are some suggestions for you.

  1. Do not share your Firebase API key or URL with anyone
  2. In your app, add a "secret key" to a users password on registration/login, then they can only login in via the app. (This won't stop someone signing up / logging in if they have your API/URL....)
  3. Add something to a users profile to identify they are using the app
  4. Use email verification on sign up
  5. On registration in your app, issue a code to allow them to sign up. Registration will not be allowed in your app without this code being entered.

See here for more things you might be able to do:

Firebase | Avoid insecure rules
Firebase | Basic Security Rules
Firebase | Auth REST API

1 Like

cant people use networking tools to see what the firebase link is? since the app will contact the firebase server after all... ;-;

Probably, but that is the same for most things .....

Best you can do is use a webview and build a JS front end, then all requests to / responses from the server would be https, and store your firebase config off the app online somewhere. But even then....