ChrisCanuck

Having used Firebase myself, you cannot blame Google at all. Quite literally, when you open a project it is secure by default. You have to turn off database authentication yourself with a nice warning modal telling you it’s a bad idea.
People turn off authentication when building the app for testing purposes but it should always be turned back on. This is just laziness on the part of the developers. Also, why in the heck are they storing user passwords instead of using Firebase Authentication? And isn’t health data supposed to be encrypted on the database?