I was wondering if somebody gets our Firebase project ID (which is mostly hardcoded in google info.plist and can be obtained), then they can create a duplicate flutterflow project and potentially access database, change rules and make changes as well. They would need to know the collection structure but still.
Have people thought of ways to avoid this vulnerability?