Firebase: be careful to properly secure your data!

We all love firebase, and for a lot of applications the data stored in firebase will not be that critical. However, if you plan to store personal or confidential data in firebase, please think about your users and make sure to pay a lot of attention to properly securing your data, to avoid ending up in reports like this:

Report on firebase breaches

regards Rob

1 Like

Thanks for this reminder @Rob_Schoemaker!

How do we properly secure the firebase data if the app is to allow read and write by all users of the app? What are the firebase rules we need to set and how do we authenticate users and allow them access to their own nodes only?

1 Like


Only allowing users to access their own nodes:

The link is labeled as dangerous for the pc, isn’t it ironic?

I’d like to have in my app a cellphone number only authentication, I can have the SMS verification trough an external service, but I don’t know if I can have the firebase data security if the user doesn’t register to firebase with the email, any suggestion or explanation about it?


Hey Rob, Really having trouble getting the firebase rules to work. If I set read write to true, the app below works. But if I change the firebase rules to the suggested read/write access, I can’t get it to work. If you have any advice, it would be really really appreciated. I’ve watched, and read so many tutorials. Thank you so much if you have any suggestions. John

rules in firebase:
“rules”: {
“users”: {
“$uid”: {
“.read”: “auth != null && auth.uid == $uid”,
“.write”: “auth != null && auth.uid == $uid”

Check this post:

Firebase security rules can be very, very hard to understand.Read a lot and the keep reading.