I am trying to secure my Android application. It uses authentication provided by Google Firebase, I also store some information using Firebase Real-time database, and finally, the main functionality of the app relies on Speech-to-Text API provided also by Google.
I believe all these, can be restricted to one application (package name and app signature).
I have been playing the classic exclusion experiment, by enabling then disabling one API at a time, I couldn't find the right combination, nor any hint, any restriction yields a complete "UNAUTHORIZED" access.
The only option running now is not to restrict at all.
For what I tried already:
- Firebase real-time database management API (enabled and disabled)
- Cloud pub/sub API (I remember I saw this somewhere talking about Speech to text or Firebase but I am not sure!!)
- Firebase management and Firebase installation APIs
Always with
- Cloud speech-to-text API
Without any restriction at all, all works great, Authentication/database and speech-to-text; The project connects well with the only first App level connection by providing package name and application signature hash.
from What Google Cloud APIs should I open access for authentication, Firebase real-time database service and Speech to text API
No comments:
Post a Comment