Got a social app and using Firebase Authentication. Noticed a sudden increase in users and they're all quite obviously fake. It appears they're pinging the identitytoolkit API even when I put the app into maintenance mode (basically shows a maintenance screen so shouldn't have been able to log in).
Any suggestions?
How to stop fake/spam users?
Enforced App Check but that seems to not block them, it even says they're returning a valid App Check token.
Looked into blocking IP addresses but they are cycling different IP addresses so can't just ban based on that.
I've regenerated all API keys in case one was compromised.
I want to try adding in telephone auth as an added step but that just adds a new, separate auth account. Found that Firebase can link accounts (https://firebase.google.com/docs/auth/android/account-linking, https://firebase.google.com/docs/auth/ios/account-linking) but don't code so not sure how to implement in FlutterFlow.
Same goes for using reCAPTCHA. Only can see how to do that for a web app (mine's a mobile app with only Google and Apple sign in), not sure how I can add it to a mobile app flow in FlutterFlow.