Firebase app check


firebase has been offering for some time a new service app check it is the promise next to authentication to strengthen security my question can we implement this service with thunkable

Not at the moment. Is this something you need? What kind of app are you building at the moment?


I gradually understand the importance of the data I would like to offer the maximum security that I can implement at my level of beginner ok I use the rules of firebase but by decompiling the application according to what I understood almost anyone can have access to the data even by game in my entourage certain will not miss it
I intend to put this app on Playstore

I would like to know what the creator of this application thinks about it.

We secure your data on our cloud server powered by Airtable with your login info managed by Google and the RealtimeDB, so you don’t ever need to worry about losing your data or your login information.

I would like to have at least this insurance

1 Like

Use Sign in with Google from the authentication of Firebase. This way, when your app is decompiled the information available is not useful to view database contents.

Of course, if you decide to do so then you need to create your own sign in procedure because Thunkable only provides Username/Password Sign In method.


Thanks for your answer

it’s true that everyone does not use firebase or others in their applications but at the time of data sharing what type of application we are supposed to “write” while eminent developers who belong to the Thunkable staff do not mention not to my knowledge these subjects

I’m glad you are building cool apps. We are working on an academy of “best practices” but there’s no way we could possibly cover everything you need to know.

It seems you’re concerned that someone might decompile your app and then use that info to access your users private info. Is that accurate?

This was my app. If it helps to know, I don’t even use airtable anymore. My app is 100% on Firebase for auth and DB work. And user data is still present and secure.


Thanks for your answer

I really like the idea of ​​the best practices academy and I must say that there is always someone to guide us
To put an end to my hesitation, so I can authenticate the user with the sign in block and use the other blocks without too much fear?

1 Like


I didn’t understand why using google for authentication was more secure than using email

I decompiled my app online to see I only browsed the android manifest file

absolutely. and if you started to use a backend sever, you could assign roles to your users and harness the power of IAM through firebase auth and really narrow down who has access to what docs.

Firebase can be used in HIPAA compliant systems when implemented the right way. It’s safe. What you need to worry about is your security rules. There are some good threads about that in the community.

If your worry is based on the fact that you actually supply the API key and Database URL in Thunkable project and this will be available in the Android APK when recompiled then using Google account authentication should clear the worry as you will not supply any API keys for Firebase and will use either an HTML file to authenticate or a server based approach such as GCP (Google Cloud Platform) and therefore your Firebase API keys will not be in the project anymore.

As I pointed out previously, the drawback of this approach is that you have to use APIs to read/write data to Firebase and not the normal Thunkable blocks.

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.