android - how can i make my database safe when using real-time database firebase?

Question

I am new to Firebase and I want to understand it How do I make Database safe? When i using real-time database, if i make rules like this:

    {
  "rules": {
    ".read": true,
    ".write": true
  }
}

Is this safe?

If it is not safe for my app, how do I make it safe?

What does it mean to add auth (users who have registered) reading and writing in the rules, is it a good way to protect databases, and how do I do this?

If the rules are true, what are the risks that implementation may face and when? What is the alternative? – TaHa M. Younis 22 mins ago

Answer 1

The security rules of your app depend almost solely on the business logic of the app. So just like you will have to figure out the code to match your use-cases, you also have to figure out the security rules (and data model) to match your use-cases. There is no way for us to do that for you in a simple Q&A fashion here.

I highly recommend getting started with the Firebase documentation on security rules, which includes an explanation of concepts, how security rules work, and some great examples of common use-cases such as content-owner only access, role-based and attribute-based access control and others.