Skip to content
This repository has been archived by the owner on Apr 6, 2023. It is now read-only.

What Google Cloud APIs should I open access for authentication, Firebase real-time database service and Speech to text API #129

Open
ghost opened this issue Oct 19, 2020 · 0 comments

Comments

@ghost
Copy link

ghost commented Oct 19, 2020

I am trying to secure my Android application. It uses authentication provided by Google Firebase, I also store some information using Firebase Real-time database, and finally, the main functionality of the app relies on Speech-to-Text API provided also by Google.

I believe all these, can be restricted to one application (package name and app signature).

I have been playing the classic exclusion experiment, by enabling then disabling one API at a time, I couldn't find the right combination, nor any hint, any restriction yields a complete "UNAUTHORIZED" access.

enter image description here

The only option running now is not to restrict at all.

For what I tried already:

  1. Firebase real-time database management API (enabled and disabled)
  2. Cloud pub/sub API (I remember I saw this somewhere talking about Speech to text or Firebase but I am not sure!!)
  3. Firebase management and Firebase installation APIs

Always with

  • Cloud speech-to-text API

Without any restriction at all, all works greate, Authentication/database and speech-to-text; The project connects well with the only first App level connection by providing package name and application signature hash.

enter image description here

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

No branches or pull requests

0 participants