Firebase security

If I somehow manage not to set my Firebase URL and token in the APK, and only allow a compiled app (after authentication) to get the Firebase URL and API token, can Firebase still be hacked (assuming I have set all users to read and write in rules)?

Follow the guide by @Avijit

or

by @TimAi2

I know these guides, but please answer my original question:

Let me tell you my database structure, then please suggest the rules:

Sample database:

Names(Bucket 1):
+1234567890(Tag1): XYZ
+1234567899(Tag2): ABC

Now, I want read to be allowed for everyone, but writing should be user-specific. Like a user with mobile number +1234567890 should be allowed to change his tag (name) value only.

Please help me achieve this.

Connect it to Firebase Authentication (phone number login). Now, as per the guides, set the rule to allow authenticated users to write to the database.

On the app side, follow @TimAi2's guide to Append Value, and in that put a condition:

if Tag = Mobile no. 
    Append Value : PQR

Done

Can you please elaborate more… I tried but didn't get it.
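
The rule set the question asks for (anyone may read, each user may write only the entry keyed by their own phone number), as an added example that is not part of any post in this thread. It assumes the Firebase Realtime Database, a top-level `Names` node laid out like the sample above, and Firebase phone-number sign-in; the 50-character limit is a constructed value.

```json
{
  // Added example, not from the thread. Assumptions: Realtime Database,
  // data stored under /Names/<phone number>, users signed in with
  // Firebase phone authentication.
  //
  // Weak setting described in the question (any client can overwrite
  // or delete every entry):
  //   "rules": { ".read": true, ".write": true }
  //
  // Corrected rules:
  "rules": {
    "Names": {
      // Everyone, signed in or not, may read the whole Names node.
      ".read": true,

      // $phone captures the child key, e.g. "+1234567890".
      "$phone": {
        // Write only if the caller is signed in and the phone number
        // verified by Firebase Authentication equals this key.
        // auth.token.phone_number comes from the signed ID token,
        // so the client cannot choose its value.
        ".write": "auth != null && auth.token.phone_number === $phone",

        // The stored name must be a string of bounded length
        // (50 is a constructed limit for this example).
        ".validate": "newData.isString() && newData.val().length <= 50"
      }
    }
    // No rule grants access to any other path, so everything outside
    // /Names is denied by default.
  }
}
```

These rules are evaluated by the database on every request, so they hold whatever URL or token a client has and whatever condition the app applies before writing.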