
flutter firebase cloud functions and reverse engineering - dart compilation


I'm a 3-season-old Flutter dev now trying to compile my little app! I'm using the cloud_functions package, and worrying about something that might sound like a dumb idea to gurus.

A few weeks ago, I read several articles that reverse-engineer a Flutter app and the Dart engine really explicitly, even revealing strings in the original app.

Right after reading those articles, I could understand the reason why people interested in security issues always say things like 'you must not include sensitive info in the plain source code since your compiled app can be reverse-engineered', and I felt afraid.

So I migrated all that info into Firestore and locked the store with simple security rules, and here comes the main question:

Now, I'm wondering if my Cloud Functions source code written in JS would be compiled together when I run build commands. The directory is generally named functions and we can find index.js inside the directory, which includes really sensitive info such as the name of callable functions or core strings used in hashing methods.

If Dart compilation includes the functions folder in its process, it is possible for attackers to figure out that important info in index.js. IMO, it is not reasonable to do that with build methods, so I don't have to worry about it.

But I just want to make it clear through this simple question to the gurus that my index.js is already safe! Thanks in advance [:


Solution

  • Your Cloud Functions code is stored on Google's servers.

    Here's a quote from the Cloud Functions documentation:

    Your JavaScript or TypeScript code is stored in Google's cloud and runs in a managed environment. There's no need to manage and scale your own servers.

    And to your question about reverse engineering, Cloud Functions helps with that too.

    In many cases, developers prefer to control application logic on the server to avoid tampering on the client side. Also, sometimes it's not desirable to allow that code to be reverse engineered. Cloud Functions is fully insulated from the client, so you can be sure it is private and always does exactly what you want.

    https://firebase.google.com/docs/functions#key_capabilities
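
An added example (not from the original post or the Firebase documentation) of the pattern the answer describes: the hashing secret and the check on the caller stay in server code, and the client only ever receives the digest. The handler is a plain Node function so it runs offline; `signScore`, `verifyScore`, `HASH_PEPPER` and the sample values are hypothetical.

```javascript
// Added example, not code from the original post. In a real functions/index.js
// the handler would be registered through the firebase-functions SDK; here it is
// a plain function so it runs offline with Node's built-in crypto module.
const crypto = require('crypto');

// Assumption: the secret is injected into the server environment at deploy time.
// HASH_PEPPER is a hypothetical variable name; the fallback is a constructed value.
const PEPPER = process.env.HASH_PEPPER || 'constructed-demo-pepper';

// Hypothetical handler. (data, context) follows the argument shape of a
// first-generation callable handler, where context.auth describes the caller.
function signScore(data, context) {
  // Reject callers that are not signed in before touching the secret.
  if (!context || !context.auth) {
    return { ok: false, error: 'unauthenticated' };
  }
  // Never trust client input: validate type and range on the server.
  if (!data || !Number.isInteger(data.score) || data.score < 0) {
    return { ok: false, error: 'invalid-argument' };
  }
  // The keyed hash is computed server-side; only the digest is returned.
  const mac = crypto.createHmac('sha256', PEPPER)
    .update(`${context.auth.uid}:${data.score}`)
    .digest('hex');
  return { ok: true, mac };
}

// Server-side check of a digest the client presents later.
function verifyScore(uid, score, mac) {
  const expected = crypto.createHmac('sha256', PEPPER)
    .update(`${uid}:${score}`)
    .digest();
  const given = Buffer.from(String(mac), 'hex');
  // Length check first: timingSafeEqual throws on buffers of unequal length.
  return given.length === expected.length &&
    crypto.timingSafeEqual(given, expected);
}
```

The name a client passes when invoking a callable is present in the app itself, so the handler relies on the `context.auth` check and input validation rather than on the name being unknown.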