@eugenetereshkov, does using Firebase remote config add an additional layer of security since the keys are passed via a network request?

My theory why Firebase Remote Config may be a good security option is because it is harder to sniff the Https requests from the app then decompiling the APK and reading the strings from the generated file. For instance, when I debug an app with Charles Proxy you can’t view the endpoint details unless the app is compiled in Debug mode due to newer Android security measures.

Here is a current StackOverflow on this topic where a Firebase team member shared his thoughts.

Open Sourcer

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store