How Google Accesses the data in your Phone (And How to Prevent It): The Firebase ‘Interception’ Risk

A number of years ago, in a transaction whose implications were not immediately understood by users and developers of mobile apps, Google acquired Firebase, a platform that provides back-end services for mobile and web app developers.

At the time of acquisition, Firebase was described as a ‘sockets’ service that simplified app development by handling common back-end tasks, allowing developers to focus on coding apps instead of building infrastructure. This acquisition first introduced integration between Firebase and Google services.

Since the acquisition, Google has continued to integrate Firebase deeper into nearly all of its services, including the massive Google Cloud Platform.

This continuing integration and Firebase’s data collection practices have introduced some uncertainties and concerns, especially around privacy and security, given Firebase’s ties to Google.

Firebase views itself as making it easier for programmers to handle the ‘plumbing’ and flow of data internally within mobile apps, but this data collection is controversial.

While Firebase claims data collection is necessary to provide services like cloud storage and authentication, some critics argue it enables surveillance or monitoring of virtually all of the user data flowing through apps built with Firebase.

These critics have raised broader concerns about Firebase’s potential to collect and process user data and the implications around privacy, security, and monitoring.

Avoiding Firebase if you’re an end-user: How to Choose Independent App Versions that don’t contain the Firebase code

Some end-users may prefer to avoid using Firebase and instead opt for alternative apps whose code prioritizes data privacy and security.

As an end-user concerned with privacy, you should know that many mobile apps, including those for Android, can be downloaded directly from the app developer’s website in versions whose code does not contain Firebase.

For example, Telegram offers an Android app downloadable from Telegram.org that does not contain Firebase code.

In contrast, the Telegram app downloadable from the Google Play Store does contain Firebase code.

This underscores the fact that apps can be distributed separately from Firebase directly by app publishers, giving users the freedom to select app versions without being subject to the data and privacy concerns associated with Firebase’s code and services.
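One way to check whether a downloaded APK bundles Firebase code, as an added example that is not part of the original article: an APK is a zip archive, so the script looks for `com.google.firebase` class descriptors in the DEX files and for the `firebase-*.properties` version files that Firebase libraries typically ship. The function names are made up for this example, and it assumes the Firebase classes keep their original package name.

```python
import io
import sys
import zipfile

# DEX files store class names as type descriptors, for example
# "Lcom/google/firebase/FirebaseApp;". Assumption: the package is not renamed.
DEX_MARKER = b"Lcom/google/firebase/"


def find_firebase_markers(apk):
    """Return sorted findings for an APK given as a path or a file object."""
    findings = set()
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            base = name.rsplit("/", 1)[-1]
            # Typical per-module version file, e.g. firebase-common.properties.
            if base.startswith("firebase-") and base.endswith(".properties"):
                findings.add(f"version file: {name}")
            # Top-level classes.dex, classes2.dex, ... hold the app's code.
            is_dex = "/" not in name and base.startswith("classes") and base.endswith(".dex")
            if is_dex and DEX_MARKER in zf.read(name):
                findings.add(f"class references in {name}")
    return sorted(findings)


def build_sample_apk(entries):
    """Constructed sample: an in-memory zip standing in for a real APK."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    buf.seek(0)
    return buf


if __name__ == "__main__":
    # Usage: python check_firebase.py app-from-website.apk app-from-store.apk
    for path in sys.argv[1:]:
        hits = find_firebase_markers(path)
        print(path, "->", hits or "no Firebase markers found")
```

A hit shows that the library is packaged in the APK, not what data it sends; an empty result does not rule out renamed or dynamically loaded code.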

For app developers: How to create Mobile Apps that don’t rely on Firebase

To avoid potential data interception by Google’s Firebase, developers can use a reputable third-party socket library for their app’s programming language. In terms of specific code libraries, there are many options available for both iOS and Android, such as Socket.IO, OkHttp, and CocoaAsyncSocket.

For developers with less experience or those looking to save time, other backend-as-a-service (BaaS) platforms offer alternatives to Firebase for building custom backend infrastructure.

By using a BaaS, pre-built backend services can be seamlessly integrated into an app, allowing developers to focus on the frontend and user experience without turning to Google’s Firebase.

Examples of BaaS platforms include Back4App and the open-source Supabase, which provide services similar to Firebase but are independent of Google.

Overall, there are various options to enable developers to prioritize data privacy and security when building mobile and web applications.

Carefully evaluating the privacy policies and terms of service of any third-party service, including Firebase or alternatives, can help ensure compliance with relevant laws and regulations and protect user data.
