Firebase DB doubts

  1. can a user find details like firebase db url, API Key etc. if they have access to the apk ?
  2. (this one may sound stupid, but stil…) can we set the write rules of a project using blocks ?

1 a. There are a few things you can do, such as use the obfuscation function in text. You can also do some fancy API key reassembling.

1 b. You can use my extrention HackProof to see if the device is rooted, on an emulator or using ADB debugging to reduce the chance that you can find the API’s

  1. No, unless you use Firebase Authentication, then you can set different users to different write areas you have setup ahead of time. You can also “channel” all the writes to dynamic subdirectories. It is not foolproof, but does obfuscate.

But even ‘root’ can be hidden using Magisk (If your extension helps to block rooted users).

Kodular doesn’t encrypt data like API key, DB URLs etc. by default ?
Can people be able to read the data if they decompile the apk ?

I doubt if rooted users can find the database to which a request is send from the apk :pensive:


There is a text block with you can protect your keys a bit more called obfuscate text in Text category.


I don’t think this is easy as you thought. So don’t worry much.

1 Like

Thank @yusufcihan . I did not say where it was located properly.

1 Like

Ops, sorry. I didn’t saw that.

1 Like

How to apply obfuscation to value of variable? For example if i generate an ID with randomization and want keep in phone’s memory (for example tiny db). Can i keep it secured?

Store an obfuscated text block as the TinyDB value. Or you could even encrypt the data with the Cryptography components.

1 Like
  1. may question is how to put my random generated number into obfuscated text block?
  2. I tried but could not use cryptocraphy component. only used succesfully bas64 encoding but there are a lot of online base64 decoders that is why dont want to use base 64. i want use aes256 but could not do.

No way to do this at runtime.

Did you use a proper key?


what is proper key? can yo help me please? i saw that i must input some key but ded not know what is this and where can i find that key

Generate one. There are tutorials and resources online on this topic.


can you explaine more pls

Use this block:

that block i know, the translater translated wrong sorry,

1 Like

I think it is good to use but if someone want to see those details then they can do it by hook or crock because APK can be decompiled and it’s all files/menifest etc can be seen

Well the Obfuscation modifies the data through an algorithm so it is not in plain text when compiled, therefore you cannot find it easy when it is uncompiled.