I am broadly familiar with many Firebase services, but new to Firebase In-App Messaging specifically. I can see that the messaging types that make use of images require use of Firebase Storage for hosting the images, but I am surprised to observe that the access rights specified through Firebase Storage (Storage Rules) and Cloud Storage (IAM) seem to be ignored, FIAM seems to perform reads on images in a manner that is not dissimilar to how the Firebase Admin SDK is able to do whatever it wants.
This behaviour doesn’t seem to be documented, I’m curious as to whether anyone here has more experience with this service.