I’m helping out some people who are trying to create an app with some reasonably strong security and privacy requirements for their stored data. One requirement is that some of the data needs to be user-specific (i.e. not accessible by other users) and some might only be accessible by specific groups of users. I’d like to suggest that they (at least initially) use Cloud Variables (with their own Firebase DB) for their storage and I can see how I can code the app to control access but I’m not sure if that is good enough. For example, could a malevolent user of the app discover the underlying Firebase API key (using some network sniffer, for example) and use that to access the data? Are there any other Security/Privacy concerns with Cloud Variables that we should be aware of? Should we use something other than Cloud Variables that might give us more Security/Privacy?
Thanks in advance.