I am trying to secure my Android application. It uses authentication provided by Google Firebase, I also store some information using Firebase Real-time database, and finally, the main functionality of the app relies on Speech-to-Text API provided also by Google.
I believe all these, can be restricted to one application (package name and app signature).
I have been playing the classic exclusion experiment, by enabling then disabling one API at a time, I couldn't find the right combination, nor any hint, any restriction yields a complete "UNAUTHORIZED" access.
The only option running now is not to restrict at all.
For what I tried already:
Firebase real-time database management API (enabled and disabled)
Cloud pub/sub API (I remember I saw this somewhere talking about Speech to text or Firebase but I am not sure!!)
Firebase management and Firebase installation APIs
Always with
Cloud speech-to-text API
Without any restriction at all, all works greate, Authentication/database and speech-to-text; The project connects well with the only first App level connection by providing package name and application signature hash.
I am trying to secure my Android application. It uses authentication provided by Google Firebase, I also store some information using Firebase Real-time database, and finally, the main functionality of the app relies on Speech-to-Text API provided also by Google.
I believe all these, can be restricted to one application (package name and app signature).
I have been playing the classic exclusion experiment, by enabling then disabling one API at a time, I couldn't find the right combination, nor any hint, any restriction yields a complete "UNAUTHORIZED" access.
The only option running now is not to restrict at all.
For what I tried already:
Always with
Without any restriction at all, all works greate, Authentication/database and speech-to-text; The project connects well with the only first App level connection by providing package name and application signature hash.