App Check works alongside other Firebase services to help protect your backend resources from abuse by allowing only your apps to access them.
App Check works alongside other Firebase services to help protect your backend resources from abuse, such as billing fraud or phishing. With App Check, devices running your app will use an app or device attestation provider that attests to one or both of the following:
- Requests originate from your authentic app
- Requests originate from an authentic, untampered device
This attestation is attached to every request your app makes to your Firebase backend resources.
App Check has built-in support for using the following three services as attestation providers:
- DeviceCheck on iOS
- SafetyNet on Android
- reCAPTCHA v3 on web apps
If these are insufficient for your needs, you can also implement your own service that uses either a third-party attestation provider or your own attestation techniques.
App Check currently works with the following Firebase products:
- Realtime Database
- Cloud Firestore
- Cloud Storage
- Cloud Functions (callable functions)
Related tags
firebase firebase-realtime-database google-cloud-firestore firebase-storage google-cloud-functions firebase-authentication firebase-security
