I am making a react-native App with Firebase backend.
User profile info is stored in Firestore unencrypted under "Users" collection, like so:
    Users : {
      <uid1> : { // this is a document
        uid : <uid1>,
        name : "Sundar Pichai",
        dob : 428535558167,
        email : "sundar.pichai@google.com",
        photo : "https://api.time.com/wp-content/uploads/2020/09/time-100-Sundar-Pichai.jpg",
        company : "Google",
      },
    }
Client app will fetch documents of some users, and the app will show public data (only limited data) on screen, like name and photo.
App will not show other private info like dob, email etc. unless the client user has some specific privileges.
I am worried that if the entire document is anyways available at the client, can someone do a postmortem of the packets/data received and be able to read all the data fields?
Especially if it's a Web App.
One solution that I can think of is using separate documents for public and private views. But that means: [1] Almost double the read count, and [2] I cannot query public info using a key that's only in private doc, like dob.
    UsersPublicInfo : {
      <uid1> : { // this is a document
        uid : <uid1>,
        name : "Sundar Pichai",
        photo : "https://api.time.com/wp-content/uploads/2020/09/time-100-Sundar-Pichai.jpg",
        company : "Google",
      },
    }
    UsersPrivateInfo : {
      <uid1> : { // this is a document
        dob : 428535558167,
        email : "sundar.pichai@google.com",
      },
    }
Am I worrying too much about this data examination?
Is it an issue for data security?
PS: It's actually not a firebase specific question.
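
The public/private split proposed in the question, as an added example that is not part of the original post: an allowlist decides which fields may leave the backend, so an unprivileged client never receives `dob` or `email` in the payload at all. `PUBLIC_FIELDS`, `splitProfile`, `viewFor` and the `privileged` flag are hypothetical names, and the requester object is assumed to come from an already verified auth token.

```javascript
// Added example, not code from the original post. Field names follow the
// post's Users document; every function and constant name is hypothetical.
const PUBLIC_FIELDS = ["uid", "name", "photo", "company"];

// Split one stored Users document into the two documents the post proposes
// (UsersPublicInfo / UsersPrivateInfo). Allowlist semantics: a field that is
// not explicitly public is private, so a field added to the schema later is
// never exposed by accident.
function splitProfile(userDoc) {
  const pub = {};
  const priv = {};
  for (const [key, value] of Object.entries(userDoc)) {
    (PUBLIC_FIELDS.includes(key) ? pub : priv)[key] = value;
  }
  return { pub, priv };
}

// Build the payload that is sent to a requester. Hiding fields in the UI is
// not enough: whatever is returned here is readable in the network response.
// requester: { uid, privileged } from a verified auth token (assumption),
// or null for an unauthenticated caller.
function viewFor(requester, userDoc) {
  const { pub, priv } = splitProfile(userDoc);
  const allowed = Boolean(
    requester && (requester.uid === userDoc.uid || requester.privileged === true)
  );
  return allowed ? { ...pub, ...priv } : pub;
}

// Constructed sample document (values are made up for this example).
const storedUser = {
  uid: "uid1",
  name: "Example User",
  dob: 428535558167,
  email: "user@example.com",
  photo: "https://example.com/photo.jpg",
  company: "Example Corp",
};

console.log("other user sees:", viewFor({ uid: "uid2", privileged: false }, storedUser));
console.log("privileged sees:", viewFor({ uid: "uid3", privileged: true }, storedUser));
```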