Skills / Engineering / Firebase APK Scanner

Firebase APK Scanner

Scan Android APKs for Firebase misconfigurations — open databases, public storage buckets, weak authentication, and exposed cloud functions. For authorized mobile app security audits and research.

Mobile apps routinely ship with Firebase backends left wide open. This skill extracts Firebase config from an APK and probes for open Realtime Database and Firestore instances, public Storage buckets, insecure auth, and exposed Cloud Functions, reporting each finding with evidence. For authorized security research only.

security mobile android firebase pentest

When to use

Use when analyzing Android APK files for Firebase vulnerabilities, performing mobile app security audits, or testing Firebase endpoint security with proper authorization.

Examples

Scan an APK

Find open Firebase endpoints in an Android app

Scan this APK for Firebase misconfigurations like open databases and public storage buckets

Mobile audit

Assess Firebase backend security

Audit the Firebase backend exposed by this Android app and report any insecure endpoints
Added to wishlist