Elye, thanks for bringing attention to this security risk. The simplest architecture pattern is to have separate Firebase projects for staging/qa and production/release environments.

The Android client can initialize the corresponding Firebase authentication based on the Build environments in Gradle. Then, testing new changes to the server, database, remote config, etc. can be fully rolled out on the testing Firebase project first.

Open Sourcer
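
One way to wire up the separation the comment above describes, as an added example that is not the commenter's own code. The flavor names, the `environment` dimension and the `.staging` suffix are assumptions; the per-flavor lookup of `google-services.json` is standard behaviour of the google-services Gradle plugin.

```groovy
// app/build.gradle (added example; flavor names and suffix are assumptions)
plugins {
    id 'com.android.application'
    id 'com.google.gms.google-services'
}

android {
    // existing settings (namespace, compileSdk, defaultConfig, ...) stay as they are

    flavorDimensions "environment"
    productFlavors {
        staging {
            dimension "environment"
            // Distinct package name, so the staging build is registered as its
            // own Android app in the staging Firebase project and can be
            // installed next to the release build.
            applicationIdSuffix ".staging"
        }
        production {
            dimension "environment"
        }
    }
}

// Config files read by the google-services plugin, one per flavor:
//   app/src/staging/google-services.json     <- from the staging/QA Firebase project
//   app/src/production/google-services.json  <- from the production Firebase project
//
// Keep no google-services.json directly under app/: the plugin falls back to
// that location, and a missing flavor file should fail the build rather than
// silently point a test build at the production project.
```

With this layout, `./gradlew assembleStagingDebug` produces a build that authenticates against the staging project only, and access rules and API key restrictions can then be set per project.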
