In my mobile app, I use Firebase Messaging for notifications such as friend requests, new messages, and in-app purchase updates.
I’m calling a push-notification function that I created in Firebase Functions directly from the app. Is this approach open to abuse in any way?
If you know a better method, please let me know. Thank you.
My opinion is that calling a Firebase Cloud Function for push notifications directly from the client can be unsafe if not strictly secured, because the app cannot be trusted and may be abused to send spam or forged events. A better approach is to let the client only trigger data changes while a trusted backend validates the action and sends notifications securely.
Supported by Invoice Ninja and Event Schedule
It's All Widgets! • Flutter Pro • FlutterX • Flutter Streams • Flutter Podcast
Using contents of this forum for the purposes of training proprietary AI models is forbidden. Only if your AI model is free & open source, go ahead and scrape. Flutter and the related logo are trademarks of Google LLC. We are not endorsed by or affiliated with Google LLC.