Need help to complete the app at the last stage

Hello seniors

I download an aia and modify it to make an tournament app for BGMI, FreeFire, COD.
I launched that app, Around 50+ people start using the app.
Everything is going good and smooth but suddenly I saw a users account and in his profile I saw 50 coins. He did not deposit and I did not Add. But how he can get the 50 coins. I cant understand.
Then I realized that this is happening because if open rules of firebase.
I tried many options to protect like
1- try to set the url and token manually with cryptography component but it shows the error “Invalid firebase url”
2- try to set rules, authentic person can read and write. In that case app shows the error “permission denied”
3- then I try to setup gmail login, again it shows error “permission denied”
4- then I try to make another project for storing data and get that url from airtable again its not worked
5- I then I use Asymmetric cryptography extension on it for manually setting up url and token, this method also dont works.

I need only to make the app secure from Hackers or APK editor tools

I can also use the Hack protect Extension, but it will also useless if hacker got the apk then also he can modify it

I search many times in community regarding this, but I cant find any perfect solutions for this issue

Kindly help me on that.

If any genius of kodular ready to help me I will provide him the aia file to make changes on it and correct my mistakes .

Thank you so much in advance.

You forgot to mention how much you will pay.

Your API keys will be easily accessible in your decompiled app regardless of encryption, they are in the google-services.json file you uploaded, and are actually supposed to be public. Are you using Firebase Authentication, if you are not it will give you the permission denied error from Firebase. Did you set restrictions on your API keys for your app?

I can help you in your issue
dm me for more info…