What rules to use on Firebase-RealtimeDatabase to let users register and login?

Question

In order to let Android users register and login through my app I have set the .read and .write as true<

Answer 1

This is depends on the situation of your project on how it works, If you want all authenticated users can read all users data, but cannot write to other users Database, this must be the rule. Current user can only write to his own Database

{
  "rules": {
   "users" : {
     ".read" : "auth != null",
       "$user_id" : {
     ".write" : "auth != null && $user_id === auth.uid"
      }
    },
  }
}

Rule below is for: Read and write to your own Database (No one can read and write except the currentUser)

{
  "rules": {
   "users" : {
     "$user_id" : {
        ".read" : "auth != null && $user_id === auth.uid",
        ".write" : "auth != null && $user_id === auth.uid"
      }
    },
  }
}

Answer 2

Using the following rules:

{
  "rules": {
      ".read": "auth != null",
      ".write": "auth != null"
  }
}

You'll give read and write access only to authenticated users. For more information, please see the official documentation regarding Firebase security rules.

According to your comment, you should then verify if the user that performs an operation is actually the authenticated user. So for example, let's say you want only authenticated users to able to access their accounts, the following rules are required:

{
  "rules": {
    "users": {
      "$uid":{
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}