I developed an app to test the google login feature using flutter and google authentication. The project is a closed project and only I have access to it. But recently I saw that there was a google sign in from an unknown Email ID. How did the user login without the build of my app? Has my account been hacked? What is going on?
Anyone with knowledge of your project's API Keys can access your Firebase Project using simple CURL Commands.
This is why it's a good idea to add restriction to those API Keys
如果没有,请访问 https://console.cloud.google.com 和
- 选择您的项目
- 点击左上角的菜单图标(汉堡图标)
- 转到API&服务,然后是凭据
您可以查看Google Cloud Project(链接到Firebase Project)的API,然后为API密钥设置限制,刷新它们或限制对Android或iOS等特定平台的访问.
You can view the APIs for your Google Cloud Project (linked to your Firebase Project) and then set restrictions for the API keys, refresh them or restrict access to specific platforms like Android or iOS.
您还可以设置允许访问API密钥的Firebase组件的限制.例如,如果您的项目不需要使用Cloud Firestore,则可以确保API密钥不能用于调用Firestore数据库
You can also set restrictions on which components of Firebase the API key is allowed to access. For example, if your project doesn't require the use of Cloud Firestore, you can ensure that the API Key cannot be used to make calls to the Firestore Database
说了算,我仍然建议您通过 https://firebase.google.com/support/troubleshooter/contact
All said and done, I would still recommend that you shoot a mail to the Firebase Support team at https://firebase.google.com/support/troubleshooter/contact