Hack my app find api key

@nikzdevz can you find airtable api key also?
Please tell me

1 Like

@All_In_Hindi it is possible to find airtable key

@HritikR What will happen if, for example, my API key is dogcattiger128 and the value I store in Airtable is dogcattigeur128, and after I get the value I erase the "u" and use it as the API key?

If you erase the value from Airtable, how will other users get that API key stored in Airtable?

@HritikR For example, my Firebase API key is “lokiee” and I stored “lokfiee”, and when I get the value I will erase the “f” and after that I will use it. Is this good?

1 Like

@nikzdevz Now I am getting the API key from Airtable and I am making some changes. Is this secure?


blocks

1 Like

I got the OneSignal and Firebase API keys, and I was able to bypass the screen and edit TinyDB values on a rooted device. I changed the app package name by modifying the DEX files, and the app still works without checking the package name. I also got some obfuscated strings, and the values of these obfuscated strings were readable at run time by reading memory and capturing traffic.

3 Likes

Which software did you use?

Can you give us some info on what to do to make our apps fully secure?

Shreya means that if you are planning to hide your URLs with encryption or by fetching them from a database, then it is just a waste of time, as you cannot hide URLs from hackers. They can get your API details after decompiling the app or by reading those URLs while capturing your HTTP traffic.

And if we talk about databases, then Firebase is a secure database, but with rules. If you do not have rules in Firebase, then it’s really a one-minute thing to wipe out your whole Firebase data. And as I said already, you cannot hide your APIs, so make sure to use rules in the Firebase database.

Airtable and Baserow are both databases that work with a similar algorithm of a token key. A hacker can easily steal that key after capturing the packet and can then use it against you with full control. AFAIK, there is no way to prevent these two databases from getting hacked. However, you should go with your own custom PHP scripts. You can control or secure them in your own way.

You can restrict your app on rooted phones to prevent traffic capture of your app. It will reduce some of the risk of your APIs being viewed.

4 Likes
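
The Firebase rules that post recommends could look like the following for the Realtime Database. This is an added example, not part of any post in the thread, and the node names `app_config` and `users` and the `name` field are assumptions chosen for illustration.

```json
{
  "rules": {
    // Weak setting this replaces: ".read": true and ".write": true at the root,
    // which lets anyone who knows the database URL read or wipe everything.
    ".read": false,
    ".write": false,

    // Hypothetical node: app settings. Signed-in users may read them;
    // no client may write them (edit from the console or the Admin SDK,
    // which are not subject to these rules).
    "app_config": {
      ".read": "auth != null"
    },

    // Hypothetical node: one record per user, keyed by the Firebase Auth uid.
    "users": {
      "$uid": {
        // A user can read and write only their own record.
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid",

        // Written records must contain a name, and it must be a short string.
        ".validate": "newData.hasChildren(['name'])",
        "name": {
          ".validate": "newData.isString() && newData.val().length <= 50"
        },

        // Reject any field that is not listed above.
        "$other": {
          ".validate": false
        }
      }
    }
  }
}
```

Access granted at a parent node cannot be taken away by a child rule, so the root stays closed and each node opens only what it needs.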

@iamwsumit Thank you so much for understanding this, but my question is how I can write secure rules. I have no idea about Firebase rules.
Can you please tell me how I can write the best rules for my app? Can I PM you?

You don't need to encrypt the API, only the values.

Only you can decode them.

Make auth, and only auth can edit.

1 Like

@kitavalf can you show me a demo block and rules, please?

  • Encrypt your URL.
  • Encrypt your API key.
  • Make strong database rules.

1 Like

Use the Firebase auth block and make a Firebase rule that only auth can read or edit.

Can you show me the block and rules, please?

Do Airtable, Baserow, and Google Sheets also have rules?

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.