
Firebase Realtime DB Rules warned as insecure. How can I secure this further?


My Realtime Database rules are as follows:

{
  "rules": {
    "$uid": {
      ".read": "auth !== null && auth.uid === $uid",
      ".write": "auth !== null && auth.uid === $uid"
    }
  }
}

This is what is officially recommended by Google here, which is why I find it odd that it would be flagged as insecure.

My current rules perfectly restrict data read and write access to only data specific to the user in question.

Data is stored in a simple file hierarchy within the database:

  • Root
    • UID
      • User-specific data
As such, I would like to know why my database is still being flagged as insecure and why I am still receiving such warnings.


Solution

  • These rules are indeed a correct way to ensure owner-only access, and should not be flagged as insecure by the system. Are you sure the message you receive is for the project that has these rules?

    Keep in mind that it may take up to 24 hours for the message to stop appearing.
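
A simplified model of how the rules in the question are evaluated, as an added example that is not part of the original question or answer and is not Firebase's rule engine. `evalRule` and `isAllowed` are hypothetical helpers, the auth objects are constructed, and the model assumes only the documented behaviour that access is denied unless a rule grants it and that a grant on a parent path also applies to its children.

```javascript
// The rule set from the question, unchanged.
const rules = {
  rules: {
    $uid: {
      ".read": "auth !== null && auth.uid === $uid",
      ".write": "auth !== null && auth.uid === $uid",
    },
  },
};

// Evaluate one rule expression with `auth` and any captured $variables in scope.
// The expressions are the constant strings above, never user input.
function evalRule(expr, auth, vars) {
  const names = ["auth", ...Object.keys(vars)];
  const values = [auth, ...Object.values(vars)];
  return Boolean(new Function(...names, `return (${expr});`)(...values));
}

// Walk the path from the root. Access is granted as soon as any rule on the
// way evaluates to true; with no granting rule the result is deny.
function isAllowed(op, path, auth) {
  let node = rules.rules;
  const vars = {};
  if (node[op] && evalRule(node[op], auth, vars)) return true;
  for (const seg of path.split("/").filter(Boolean)) {
    const literal = !/^[.$]/.test(seg) &&
      Object.prototype.hasOwnProperty.call(node, seg);
    if (literal) {
      node = node[seg];
    } else {
      // Fall back to a $wildcard child and bind it to this path segment.
      const wildcard = Object.keys(node).find((k) => k.startsWith("$"));
      if (!wildcard) return false;
      vars[wildcard] = seg;
      node = node[wildcard];
    }
    if (node[op] && evalRule(node[op], auth, vars)) return true;
  }
  return false;
}

// Constructed auth contexts: two signed-in users and an anonymous client.
const alice = { uid: "alice" };
const bob = { uid: "bob" };
console.log("owner read    :", isAllowed(".read", "/alice/notes/1", alice));
console.log("other write   :", isAllowed(".write", "/alice", bob));
console.log("anonymous read:", isAllowed(".read", "/alice", null));
console.log("root read     :", isAllowed(".read", "/", alice));
```
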