Tags: firebase, firebase-authentication, bots

Is it a security risk to allow anonymous authentication in a mobile CRUD app?


I'm creating a simple mobile CRUD application. Firebase has this feature to anonymously authenticate a user in your app. I like the idea of anonymous auth, to lower the threshold for new users, but I'm wondering if it creates some security concerns.

One that comes to mind is bots creating all kinds of rubbish data. Is this somehow tackled by the anonymous authentication, or because it's a mobile app?

If not, are there common ways to mitigate this risk?


Solution

  • There's no blanket answer to whether something is a security risk. It all depends on what specific risk you intend to protect against.

    If you want to ensure a user can only access their own data, then the documented content owner only access rules will ensure that - no matter what provider the user signed in with.

    Since you identify bots creating data, allowing anonymous sign-in will not protect from that. But if you were to enable App Check on the app, you'd probably go a long way towards reducing such bot attacks.
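As an added illustration of the "content owner only access" rules the answer refers to (this is example code written for this page, not the asker's project and not Firebase's own sample), the Cloud Firestore rules below confine every signed-in user, anonymous or not, to documents under their own `users/{uid}` path, and add field validation so a client, bot-driven or otherwise, cannot write arbitrary payloads. The collection name `notes`, the fields `title` and `body`, and the size limits are assumptions chosen for a simple CRUD app; the `sign_in_provider` claim is a real token claim that lets rules treat anonymous sessions more strictly if the app needs to.

```firestore
rules_version = '2';
service cloud.firestore {
  match /databases/{database}/documents {

    // Helper: the caller is signed in (any provider, including anonymous)
    // and is the owner of the path being accessed.
    function isOwner(userId) {
      return request.auth != null && request.auth.uid == userId;
    }

    // Helper: the session was created with anonymous sign-in.
    function isAnonymous() {
      return request.auth.token.firebase.sign_in_provider == 'anonymous';
    }

    // Helper: constrain what a note may contain, so rubbish data is
    // rejected at the database boundary rather than cleaned up later.
    // Field names and limits are assumptions for this example.
    function isValidNote(data) {
      return data.keys().hasOnly(['title', 'body', 'updatedAt'])
          && data.title is string && data.title.size() <= 120
          && data.body is string && data.body.size() <= 4000
          && data.updatedAt == request.time;
    }

    // Content-owner-only access: each user sees and edits only
    // documents under their own uid.
    match /users/{userId}/notes/{noteId} {
      allow read:   if isOwner(userId);
      allow create: if isOwner(userId) && isValidNote(request.resource.data);
      allow update: if isOwner(userId) && isValidNote(request.resource.data);
      allow delete: if isOwner(userId);
    }

    // Example of a stricter policy for anonymous sessions: a shared,
    // app-wide collection is readable by everyone who is signed in but
    // writable only by users who linked a non-anonymous provider.
    match /public/{docId} {
      allow read:  if request.auth != null;
      allow write: if request.auth != null && !isAnonymous();
    }

    // Everything not matched above is denied.
    match /{document=**} {
      allow read, write: if false;
    }
  }
}
```

These rules only answer the "can user A read user B's data" question; they do not stop a bot from creating many anonymous accounts and filling its own `users/{uid}` subtree. That is where App Check, mentioned in the answer, fits: once enforcement is turned on for Firestore in the Firebase console, requests that lack a valid attestation token from the registered app are rejected before the rules above are even evaluated, and the field-size limits cap how much each surviving request can write.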