Firebase DB
Contrary to SQLite and Realm DB, which store data locally, Firebase is a cloud database. It allows developers to collect data from many application users and store it online in JSON format. If a device generates data that must be stored in the database while offline, that data is temporarily stored locally. When the device goes back online, Firebase automatically synchronizes the local data with the online instance.
Due to its online nature, carefully enforcing authorization and access control in Firebase is of paramount importance. By default, all data is public and can be accessed by every user. Granular read and write permissions should be configured for each database object through Database Rules.
We can retrieve publicly available data from misconfigured Firebase instances by browsing to the URL <projectname>.firebaseio.com/.json
“firebase ProjectName” corresponds to the name of the Firebase instance we are trying to access. To obtain this name, we can use the Firebase Scanner tool, available on Firebase-Scanner-Tool. Alternatively, we can locate it by reverse engineering the mobile app and inspecting the code.
The following methodology is a good option for firebase databases: