Enhancing App Security Using Firebase App Check

Victoria Mutai

November 17, 2023

Transcript

  1. Firebase App Check is designed to protect your backend resources and APIs from potential abuse and unauthorized access. Ensures authenticity of the application and the device it runs on. Prevents malicious access to your application.
  2. How App Check enhances security

    1. Real-time Threat Monitoring 🛡️: Monitor and detect potential threats in real time, safeguarding your app from malice.
    2. Protection Against Impersonation 👤: Defend your app against unauthorized users and bots attempting to impersonate valid users.
    3. Secure Communication Channels 🔒: Establish a secure connection between your Android application and backend services, ensuring data integrity and preventing tampering.
  3. Features of App Check

    - reCAPTCHA Integration: Add an extra layer of protection using Google's reCAPTCHA service. Ensure that users accessing your app are human and not automated bots.
    - App Attest Integration: Provide additional security by verifying the integrity of your app's code. Prevent attackers from leveraging modified versions of your app.
    - Device Attestation: Verify the integrity of the device where your app is running. Prevent unauthorized usage of your app on compromised or rooted devices.
  4. Play Integrity Provider

    Enable the Play Integrity API:

    a. In the Google Play Console, select your app, or add it if you haven't already done so.
    b. In the Release section, click App integrity.
    c. Go to the Play Integrity API section of the page, click Link Cloud project, then select your Firebase project from the list of Google Cloud projects. The project you select here must be the same Firebase project as the one in which you register your app.

    You can get your SHA-1 from the Google Play Console on the Release > Setup > App Integrity page.
  5. In Firebase App Check, token expiration is an inherent part of the security model. Tokens obtained through Firebase App Check are configured with a specific expiration time, and developers can leverage this feature to enforce secure access to backend services. You can customize token expiration settings based on your application's security requirements, striking a balance between usability and security. Firebase App Check provides straightforward methods for checking the validity of tokens and refreshing them as needed.
  6. Use Case of Firebase App Check

    Imagine an e-commerce app that dynamically adjusts the level of authentication required for transactions based on the user's location, time of day, and the device's integrity status. During normal circumstances, the user might experience a seamless transaction process. However, if anomalies are detected, such as a login from an unfamiliar location, the app could adapt by triggering additional authentication steps. By incorporating adaptive security policies, Firebase App Check not only enhances the security posture of the app but also ensures a responsive and user-friendly experience tailored to the specific risk context.