I want to create a chat app. When you are on the main menu you can select “Chat”. This creates a unique username for you and you enter the chatroom. Someone else comes along and the two of you are connected. You can then chat to each other.
The messaging is done via Firebase. When a user types a message it is stored to Firebase. The DataChanged block will then display the message on the other person’s phone. Therefore only the latest message is stored in Firebase. Once one or both users leave the chatroom the message is deleted from Firebase.
In my app I do not ask for any user details at all (ie name, email, phone number etc).
If I leave read and write rules to true anyone can hack my database.
Does this mean a hacker can delete/modify the latest message the users are exchanging?
To secure Firebase I need to authenticate users. This means their details will need to be stored in Firebase. However, I do not want to store any of these details. Only the latest message should be stored.
How can I secure Firebase without authenticating users?