Question
By using Firebase, all my logic will be inside the client app. So if someone got my source code by reverse engineering the Android app, then he/she can easily change the Firebase references (node names) and can change things of other users, and that's not a good thing at all.
My app uses Phone Authentication to authenticate users, but the hacker can change the reference and then authenticate himself using his phone no. and then he is good to go altering someone else's account.
So how to prevent that?
Answer 1:
If I understand you right, you are using Firebase database. You should read how Firebase security rules work. It is possible to let a user only access and modify his own data if the user is authenticated via one of Firebase auth's methods (you mentioned phone auth). As you haven't provided example code, I can't give you a concrete usage, but you can find many examples in the Firebase docs about "Securing user data".
If you do it like this, it doesn't matter what a "hacker" would do as he needs to authenticate with another user's number first. (=impossible)
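As an added illustration (not part of the original answer), a Realtime Database rules file of the kind the answer refers to. These rules are evaluated on Firebase's servers against the caller's verified auth token, so editing node names in a decompiled client does not change what that caller may read or write. The `/users/<uid>` layout and the `phone` field are assumptions made for the example.

```json
{
  "rules": {
    // No ".read" or ".write" at the root: any path not granted below is denied.
    // Rules cascade downward, so a grant placed here could not be revoked deeper.
    "users": {
      "$uid": {
        // Assumed layout: each user's data lives under /users/<their auth uid>.
        // $uid is the path segment being accessed; auth.uid comes from the
        // token Firebase issued after phone verification, not from the client.
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid",
        "phone": {
          // Hypothetical field: it may only hold the number that Firebase
          // itself verified for this account at sign-in.
          ".validate": "newData.val() === auth.token.phone_number"
        }
      }
    }
  }
}
```

With these rules, a user signed in with their own number who points a modified client at `/users/<someone else's uid>` gets a permission-denied response for both reads and writes.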
Answer 2:
Just use ProGuard to obfuscate your code. You can find more on this link
Source: https://stackoverflow.com/questions/45413032/im-developing-an-android-app-and-using-firebase-as-my-backend