It seems obvious to most people on HN that you'd have to secure user data to only be accessible by that user but I've found many young mobile devs to not grasp these 'backend' basics which is unfortunate.
In a way I blame this on Apple/Google for making their platforms convoluted enough that people have to spend years learning how to develop Android and iOS but not have a proper understanding of the web services powering APIs.
Thought about this some more and it's definitely not just Google/Apple's fault per se but the respective mobile communities strongly push technology churn a la JS frameworks. Except in Androids case it's, getting your architecture right, using MVP, dissecting Dagger and dependency injection, learning kotlin, learning rxjava, learning MVI because mvp isn't good enough anymore.
Eventually you just get caught up in this constant flurry of learning more without actually learning anything
It’s due to laziness. Most of the times when I looked up how to implement a feature via Firebase — such as public profiles — there were instructions on implementation and on what new rules to add.
It’s either that or the developer simply doesn’t understand the abstraction of Firebase. You can easily check if the rules work by loading up your browser console and trying to access different branches of data with varying credentials.
In a way I blame this on Apple/Google for making their platforms convoluted enough that people have to spend years learning how to develop Android and iOS but not have a proper understanding of the web services powering APIs.