My application does not have individual users, instead it has some data that is generated by clients, and others can see it, such as a public chat channel, usernames are also temporary.
I do not need all user account details to be authenticated. Instead, only if the request is from my application, it should be served differently. I see that there is user authentication, but that means I have to support uids tracking, etc., which also adds to the data store, another option is that I delete auth (set read / write publicly) and change data from my application.
Can I use the appβs privacy feature, which is used by the servers in my Android app, if so, how? This rule is for the server:
{
"rules": {
".read": true,
".write": "auth.uid = 'myserver'"
}
}
How can I make it work for my Android application?
How is my application insecure without authentication (read / write settings are public) when only I know the URL and only my package is configured from the Android application option on the server?
Is there any method other than user authentication that I can use that guarantees data security?
Talha source
share