Implement Virgil Security’s End-to-End Encryption in your Firebase App — Why and How?

GeekyAnts
4 min read · Aug 7, 2018

Today, everyone uses some form of online platform to connect with people. Using chat apps like WhatsApp to talk with our friends and family has almost become second nature to most of us.

But nobody stops to think about the amount of information that we share on these apps, blindly believing that the app’s basic security is more than enough to keep this data secure. Never do we wonder about the scenario where this data can be in the hands of hackers, government officials, hosting servers etc.

Today’s technology has given us a very simple and cheap method to communicate with people across the world. This ease of access has blinded our judgement while choosing the preferred online messaging platform, pushing us to choose convenience over security.

This is where End-To-End Encryption comes into play. It ensures that all our data is encrypted at all times. There is a massive amount of information that is being sent, shared, and stored from one end (sender) to the other (receiver). Between these two endpoints, our data can come across things like service providers, online app hosting servers, and in some cases, hackers!

We need to ask ourselves a simple question:

What if we don’t provide unfettered access to our data to these points?

What if we keep our data completely encrypted from one end to the other? The servers and service providers can do their thing on the encrypted data. In reality, they don’t need to know what data is being sent.

But users don’t really care about how secure the app that they are using is. It is up to the developer to worry about such things.

Facebook Messenger is one of the most popular messaging platforms, but it only encrypts the user’s data while it is en route between a user’s device and the server where the data is stored.

WhatsApp, on the other hand, encrypts the user’s data all the way!

Ensuring that our online communication platforms are secure and have end-to-end encryption should be a priority for all of us. Vulnerabilities that can arise from insecure communication platforms can take place anywhere from email and online storage to social media and instant messaging. Without end-to-end encryption, any data shared, including the content of conversations, login locations/times, pictures, telephone numbers and videos, is saved on a server and can be found floating on the web, putting us at risk.

End-to-end encryption gives users true privacy, preventing anyone else from eavesdropping on conversations — even the very communications services they’re using.

End-to-end encryption is also a real differentiating feature from most other popular collaboration apps whose business models fundamentally rely on being able to read, analyse and profile your conversations.

Check out this simple tutorial to learn how to implement End-To-End Encryption in a React App:

Implement End-To-End Encryption in Firebase

Now that we have taken a look at why End-to-End Encryption is a big deal, let’s take a look at how we can implement it in a Firebase App.

Firebase is a mobile and web app development platform that provides developers with a plethora of tools and services to help them develop high-quality apps, grow their user base, and earn more profit.

Firebase is not just one tool; it is a platform that consists of multiple tools that help make the app development process easier.

Let’s take a look at the database of a Firebase app:

Here, you can easily see the data for what it really is. Firebase is a very secure platform for our data, but it does not encrypt the user’s data. So if a hacker is able to get access to your Firebase Project, the hacker will have no trouble stealing any sensitive information that is stored there.

Introducing Virgil Security’s End-to-End Encryption SDK for Firebase

By using Virgil’s End-To-End Encryption SDK, even Firebase will not have any idea about what information is stored in the database!

This SDK encrypts the data on the sender’s side using a key. The encrypted data will then travel towards the receiver. It will come across various things like service providers and hosting servers, which will just assume that the data is some gibberish, and will pass it along to the receiving device. Only the receiving device will contain the key that will decrypt the data.
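The flow described above, as an added example that is not from the original article and does not use Virgil's SDK: Node.js's built-in `crypto` module (X25519 key agreement, HKDF, AES-256-GCM) stands in for it. The function names, record field names and sample message are assumptions made for illustration.

```javascript
// Added example: Node.js built-in crypto standing in for an E2EE SDK (not Virgil's API).
const nodeCrypto = require('node:crypto');

// Derive a one-time AES-256 key from an X25519 shared secret.
function deriveKey(privateKey, publicKey, salt) {
  const shared = nodeCrypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(nodeCrypto.hkdfSync('sha256', shared, salt, 'chat-message-v1', 32));
}

// Sender side: the returned object is the only thing the database ever stores.
function encryptForRecipient(recipientPublicKey, plaintext) {
  const eph = nodeCrypto.generateKeyPairSync('x25519'); // fresh key pair per message
  const epk = eph.publicKey.export({ type: 'spki', format: 'der' });
  const iv = nodeCrypto.randomBytes(12);
  const key = deriveKey(eph.privateKey, recipientPublicKey, epk);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return {
    epk: epk.toString('base64'),
    iv: iv.toString('base64'),
    ct: ct.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Receiver side: needs the private key, which never leaves the receiving device.
function decryptRecord(recipientPrivateKey, record) {
  const epkDer = Buffer.from(record.epk, 'base64');
  const epk = nodeCrypto.createPublicKey({ key: epkDer, format: 'der', type: 'spki' });
  const key = deriveKey(recipientPrivateKey, epk, epkDer);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, Buffer.from(record.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(record.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(record.ct, 'base64')), decipher.final()]);
  return pt.toString('utf8'); // final() throws if the key is wrong or the record was altered
}

// Constructed demo: what the database holds versus what each key holder can read.
function demo() {
  const bob = nodeCrypto.generateKeyPairSync('x25519');   // intended receiver
  const other = nodeCrypto.generateKeyPairSync('x25519'); // any other key holder
  const record = encryptForRecipient(bob.publicKey, 'meet at 6pm');
  const readable = decryptRecord(bob.privateKey, record);
  let wrongKeyFails = false;
  try { decryptRecord(other.privateKey, record); } catch (e) { wrongKeyFails = true; }
  return { record, readable, wrongKeyFails };
}
```

In a Firebase app, the object returned by `encryptForRecipient` is what would be written to the database in place of the plaintext message, and the receiver's private key would have to be stored only on the receiving device.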

To learn how to use this SDK, check out this Tutorial App that will show you how to build a Firebase Chat App:

In Android:

In iOS:

Additional Resources:

Check out this video where David Szabo talks about End-To-End Security in iOS.

To learn how to implement End-To-End Encryption for any app, check out:

This article is written by Rajat S. Connect with me on Twitter.
