This document contains a checklist of things to consider before launching a Firebase app to production.
Update your connected apps
Android Add a release SHA-1 hash for your app's signing certificate in the Project settings of the Firebase console (for OAuth client IDs). This is required if your app uses Firebase Authentication (Google sign-in or phone number sign-in) or Firebase Dynamic Links.
iOS Update your App Store ID and Bundle ID and Team ID (if necessary) in the Project settings of the Firebase console.
Web Add access control for your domains to prevent unauthorized usage.
- Allow access to your production domain for browser API keys and client IDs in the Google Cloud console.
- Allow access to your production domain in the Authentication panel of the Firebase console.
Know your plan limits and set budget alerts
All The Realtime Database, Cloud Storage, and Hosting features have hard usage caps on the Spark pricing plan. Hitting these limits may mean that your app stops working as you intend. Consider upgrading to the Blaze pricing plan to remove these limits. See the pricing page for more details.
All Set up budget alerts for your project in the Google Cloud console.
All Monitor your Usage and billing dashboard in the Firebase console.
Enable App Check
All To help ensure only your apps can access your backend services, enable App Check for every service that supports it.
Prepare services
Analytics
All Define audience parameters for Analytics to start collecting users from launch.
All Upload proguard files for release builds for use in Crashlytics.
All Enable BigQuery linking if you plan to use BigQuery with your Analytics data.
Authentication
Android Add a release SHA-1 hash for your app's signing certificate in the Project settings of the Firebase console (for OAuth client IDs). This is required if your app uses Google sign-in or phone number sign-in.
iOS Ensure you have error handling on Apple platforms for common errors.
All Disable providers you aren't using (especially anonymous users in Firebase console).
All If using Google Sign In, personalize your OAuth consent screen.
All Customize your domain and sender for the Authentication email sending service.
Cloud Firestore
Android Make sure your release build uses ProGuard for code shrinking. Without ProGuard the Cloud Firestore SDK and its dependencies can add as much as 1MB to your APK size.
All Configure your Security Rules to prevent unintentional data access.
Cloud Messaging
iOS Be sure to upload your APNS Auth Key for Cloud Messaging on Apple apps in the Firebase console. If using APNS certificates, ensure that your production APNS certificate is uploaded.
All Enable BigQuery linking if you plan to use BigQuery with your Cloud Messaging data.
Cloud Storage
All Configure your Cloud Storage Security Rules to prevent unintentional data access.
Crashlytics
Android Upload proguard mapping for release builds for use in Crashlytics.
iOS Upload dsym file for release builds for use in Crashlytics.
All Enable BigQuery linking if you plan to use BigQuery with your Crashlytics data.
Dynamic Links
Android Add a release SHA-1 hash for your app's signing certificate in the Project settings of the Firebase console (for OAuth client IDs).
Firebase ML
Android See Prepare your Firebase ML Android app for production.
iOS See Prepare your Firebase ML Apple app for production.
Realtime Database
Android Configure your proguard rules to work with the Realtime Database.
All Configure your Realtime Database Security Rules to prevent unintentional data access.
All Ensure you're ready to scale. The Realtime Database has default quota large enough for most applications, but some apps may need extra capacity.
Remote Config
All Ensure any experimental Remote Config rules don't affect your release users, and that appropriate defaults are distributed in your app.
Release
Android Run Android apps through Test Lab to check for last minute bugs.
All Create Dynamic Links for key new features to use in promotional material and social media.