You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Many years ago developers had to use special Firebase Service Account(json file) with private key to upload dSYM files to Crashlytics. But nowadays, you have to provide only app id which is bundled with the app and is public.
Does it mean that anybody can upload any dSYM file for any Firebase app? If so, is this a security vulnerability because attacker can upload fake symbols to prevent Crashlytics from correctly symbolicating crash reports?
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Many years ago developers had to use special Firebase Service Account(json file) with private key to upload dSYM files to Crashlytics. But nowadays, you have to provide only app id which is bundled with the app and is public.
Does it mean that anybody can upload any dSYM file for any Firebase app? If so, is this a security vulnerability because attacker can upload fake symbols to prevent Crashlytics from correctly symbolicating crash reports?
Beta Was this translation helpful? Give feedback.
All reactions