Privacy and Security in Firebase

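This page outlines key security and privacy information for Firebase. Whether you're starting a new project with Firebase or want to know how Firebase works with your existing project, read on to learn how Firebase helps protect you and your users.

Last modified: February 7, 2019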

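Data protection

Firebase support for GDPR

On May 25, 2018, the EU General Data Protection Regulation (GDPR) replaced the 1995 EU Data Protection Directive. Google is committed to helping its customers succeed under the GDPR, whether they are large software companies or independent developers.

The GDPR imposes obligations on data controllers and data processors. Firebase customers typically act as the "data controller" for any personal data about their end users that they provide to Google in connection with their use of Firebase, and Google is generally a "data processor".

This means that the data is under the customer's control. Controllers are responsible for obligations such as upholding the rights individuals have with respect to their personal data.

If you are a customer and want to understand your responsibilities as a data controller, you should familiarize yourself with the provisions of the GDPR and check your compliance plans.

Key questions to consider:

  • How does your organization ensure that users clearly understand and control how their data is used?
  • Are you sure that your organization has obtained the necessary and appropriate consent as required by the GDPR?
  • Does your organization have the right systems in place to record user preferences and consent?
  • How will you show regulators and partners that you meet the principles of the GDPR and are an accountable organization?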

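Firebase Data Processing and Security Terms

When customers use Firebase, Google is generally a data processor and processes users' personal data on the customer's behalf. The Firebase terms include Data Processing and Security Terms for all Firebase services, effective as of May 25, 2018.

Certain Firebase services governed by the Google Cloud Platform (GCP) Terms of Service are already covered by associated data processing terms, the GCP Data Processing and Security Terms. A full list of the Firebase services currently governed by the GCP Terms of Service is available in the Terms of Service for Firebase Services.

Google Analytics for Firebase is governed by the Google Ads Data Processing Terms.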

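Firebase is certified under major privacy and security standards

ISO and SOC compliance

All Firebase services have successfully completed the ISO 27001, SOC 1, SOC 2, and SOC 3 evaluation process, and some have also completed the ISO 27017 and ISO 27018 certification process: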

Service name                     ISO 27001  ISO 27017  ISO 27018  SOC 1  SOC 2  SOC 3
Google Analytics for Firebase    ✓          -          -          ✓      ✓      ✓
ML Kit for Firebase              ✓          -          -          ✓      ✓      ✓
Firebase Test Lab                ✓          ✓          ✓          ✓      ✓      ✓
Cloud Firestore                  ✓          ✓          ✓          ✓      ✓      ✓
Cloud Functions for Firebase     ✓          ✓          ✓          ✓      ✓      ✓
Cloud Storage for Firebase       ✓          ✓          ✓          ✓      ✓      ✓
Firebase Authentication          ✓          ✓          ✓          ✓      ✓      ✓
Firebase Crash Reporting         ✓          -          -          ✓      ✓      ✓
Firebase In-App Messaging        ✓          -          -          ✓      ✓      ✓
Firebase Invites                 ✓          -          -          ✓      ✓      ✓
Firebase Cloud Messaging         ✓          -          -          ✓      ✓      ✓
Firebase Predictions             ✓          -          -          ✓      ✓      ✓
Firebase Performance Monitoring  ✓          -          -          ✓      ✓      ✓
Firebase Hosting                 ✓          -          -          ✓      ✓      ✓
Firebase Dynamic Links           ✓          -          -          ✓      ✓      ✓
Firebase Remote Config           ✓          -          -          ✓      ✓      ✓
Firebase Realtime Database       ✓          -          -          ✓      ✓      ✓
Firebase Platform                ✓          -          -          ✓      ✓      ✓
Firebase A/B Testing             ✓          -          -          ✓      ✓      ✓

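Privacy Shield Framework certification

In July 2016, the European Commission determined that the EU-US Privacy Shield Framework provides an adequate mechanism to enable EU companies to comply with the requirements of the EU Data Protection Directive on transferring personal data from the EU to the United States. Google LLC is certified under both the EU-US and Swiss-US Privacy Shield Frameworks. You can view these certifications in the Privacy Shield list.

Data processing information

Examples of end-user personal data processed by Firebase

Some Firebase services process your end users' personal data to provide their service. The table below shows some examples of how various Firebase services use and handle end-user personal data. In addition, many Firebase services let you request deletion of specific data or control how data is handled.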

Firebase service Personal data How data helps provide the service
Cloud Functions for Firebase
  • IP addresses

How it helps: Cloud Functions uses IP addresses to execute event-handling functions and HTTP functions based on end-user actions.

Retention: Cloud Functions only saves IP addresses temporarily, to provide the service.

Firebase Authentication
  • Passwords
  • Email addresses
  • Phone numbers
  • User agents
  • IP addresses

How it helps: Firebase Authentication uses the data to enable end-user authentication, and facilitate end-user account management. It also uses user-agent strings and IP addresses to provide added security and prevent abuse during sign-up and authentication.

Retention: Firebase Authentication keeps logged IP addresses for a few weeks. It retains other authentication information until the Firebase customer initiates deletion of the associated user, after which data is removed from live and backup systems within 180 days.

Firebase Cloud Messaging
  • Instance IDs

How it helps: Firebase Cloud Messaging uses Instance IDs to determine which devices to deliver messages to.

Retention: Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Firebase Crash Reporting
  • Instance IDs
  • Crash traces

How it helps: Crash Reporting uses crash stack traces to associate crashes with a project, send email alerts to project members and display them in the Firebase Console, and help Firebase customers debug crashes. It uses Instance IDs to measure the number of users impacted by a crash.

Retention: Crash Reporting retains crash stack traces for 180 days. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Firebase Dynamic Links
  • Device specs (iOS)

How it helps: Dynamic Links uses device specs on iOS to open newly-installed apps to a specific page or context.

Retention: Dynamic Links only stores device specs temporarily, to provide the service.

Firebase Hosting
  • IP addresses

How it helps: Hosting uses IP addresses of incoming requests to detect abuse and provide customers with detailed analysis of usage data.

Retention: Hosting retains IP data for a few months.

Firebase Invites
  • Device specs (iOS)
  • Locally-stored contacts

How it helps: Invites allows users to send invitation links to their contacts. Those links are Firebase Dynamic Links, which use device specs on iOS to open newly-installed apps to a specific page or context.

Retention: App Invites only accesses locally-stored contacts from the device, and only stores device specs temporarily, via Firebase Dynamic Links, to provide the link service.

Firebase Performance Monitoring
  • Instance IDs
  • IP addresses

How it helps: Performance Monitoring uses Instance IDs to calculate the number of unique app instances that access network resources, to ensure that access patterns are sufficiently anonymous. It also uses Instance IDs with Firebase Remote Config to manage the rate of performance event reporting. Additionally, it uses IP addresses to map performance events to the countries they originate from. For more information see Data collection.

Retention: Performance Monitoring keeps instance and IP-associated events for 30 days and de-identified performance data for 180 days. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Firebase Predictions
  • Instance IDs

How it helps: Predictions uses Instance IDs to associate app instances with a project and to retrieve a time series of events. It uses those events to enable prediction of the likelihood of occurrence of customer-specified events, as well as spend and churn predictions by default.

Retention: Predictions stores instance-associated events for 60 days, and predictions made based on these events for a few weeks. Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Firebase Realtime Database
  • IP addresses
  • User agents

How it helps: Realtime Database uses IP addresses and user agents to enable the profiler tool, which helps Firebase customers understand usage trends and platform breakdowns.

Retention: Realtime Database keeps IP addresses and user agent information for a few days, unless a customer chooses to save it for longer.

Google Analytics for Firebase

How it helps: Google Analytics uses the data to provide analytics and attribution information. The precise information collected can vary by the device and environment. For more information see Data collection.

Retention: Google Analytics retains certain advertising identifier associated data (e.g., Apple’s Identifier for Advertisers and Identifier for Vendors, Android’s Advertising ID) for 60 days, and retains aggregate reporting and certain user-level campaign data without automatic expiration, unless the Firebase customer changes their retention preference in their Analytics settings or deletes their project.

Firebase Remote Config
  • Instance IDs

How it helps: Remote Config uses Instance IDs to select configuration values to return to end-user devices.

Retention: Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

ML Kit for Firebase
  • Uploaded Images
  • Instance IDs

How it helps: The Cloud-based APIs store uploaded images temporarily, to process and return the analysis to you. Stored images are typically deleted within a few hours. See the Cloud Vision Data Usage FAQ for more information.

Instance IDs are used by ML Kit when interacting with app instances, for example, to distribute developer models to app instances. Instance IDs also allow ML Kit to utilize Firebase Remote Config to ensure device-side APIs (e.g., topic lists and filters) are kept up to date.

Retention: Firebase retains Instance IDs until the Firebase customer makes an API call to delete the ID. After the call, data is removed from live and backup systems within 180 days.

Firebase Crashlytics

For more information on Crashlytics and end-user data processing, see the Crashlytics Data Collection Policies.

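Guidelines for letting end users opt in to personal data collection and processing

The services in the table above need some amount of end-user personal data to function. As a result, it is not possible to completely disable data collection while using those services.

If a Firebase customer wants their users to be able to opt in to a service and its accompanying data collection, in most cases it is enough to add a dialog or a settings toggle, and to use the service only after the user confirms.

However, some services start automatically once they are included in an app. To give users a chance to opt in before these services are used, you can disable auto-initialization for each service and instead initialize it manually at runtime. To learn how, read the following guides: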
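The opt-in pattern described above, sketched for an Android app as an added example (it is not code from this page or from the Firebase guides it refers to). The class name ConsentGate and the preference names are hypothetical; the manifest keys and SDK methods are the Firebase Android SDK's own, and the example assumes the Analytics, Performance Monitoring and Cloud Messaging libraries are in the app.

```java
// Assumes AndroidManifest.xml turns automatic start-up off inside <application>:
//   <meta-data android:name="firebase_analytics_collection_enabled" android:value="false" />
//   <meta-data android:name="firebase_performance_collection_enabled" android:value="false" />
//   <meta-data android:name="firebase_messaging_auto_init_enabled" android:value="false" />
import android.content.Context;
import android.content.SharedPreferences;

import com.google.firebase.analytics.FirebaseAnalytics;
import com.google.firebase.messaging.FirebaseMessaging;
import com.google.firebase.perf.FirebasePerformance;

/** Hypothetical helper: enables data-collecting services only after the user opts in. */
public final class ConsentGate {
    private static final String PREFS = "privacy_prefs";                  // constructed name
    private static final String KEY_CONSENT = "data_collection_consent";  // constructed name

    private ConsentGate() {}

    /** Call from the consent dialog or the settings toggle. */
    public static void setConsent(Context context, boolean granted) {
        prefs(context).edit().putBoolean(KEY_CONSENT, granted).apply();
        apply(context, granted);
    }

    /** Call once at start-up, e.g. in Application.onCreate(). No stored answer means no consent. */
    public static void restore(Context context) {
        apply(context, prefs(context).getBoolean(KEY_CONSENT, false));
    }

    private static void apply(Context context, boolean granted) {
        // Each call overrides the manifest default for its service at runtime.
        FirebaseAnalytics.getInstance(context).setAnalyticsCollectionEnabled(granted);
        FirebasePerformance.getInstance().setPerformanceCollectionEnabled(granted);
        FirebaseMessaging.getInstance().setAutoInitEnabled(granted);
        // Withdrawing consent only stops further collection; removing data that
        // was already collected is a separate deletion request.
    }

    private static SharedPreferences prefs(Context context) {
        return context.getApplicationContext()
                .getSharedPreferences(PREFS, Context.MODE_PRIVATE);
    }
}
```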

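Data storage and processing locations

Unless a service or feature offers data location selection, Firebase may process and store your data anywhere Google or its agents maintain facilities. Facility locations may vary by service.

US-only services

A small number of Firebase services run only from US data centers. As a result, these services process data exclusively on facilities in the United States.

  • Firebase Realtime Database
  • Firebase Hosting
  • Firebase Test Lab
  • Firebase Authentication

Global services

Most Firebase services run on Google's global infrastructure. They may process data at any Google Cloud Platform location or Google data center location. For some services, you can make a specific data location selection, which restricts processing to that location.

  • Cloud Storage for Firebase
  • Cloud Firestore
  • Cloud Functions for Firebase
  • Firebase Performance Monitoring
  • Firebase Crash Reporting
  • Firebase Dynamic Links
  • Firebase Invites
  • Firebase Remote Config
  • Firebase Cloud Messaging
  • Firebase Predictions
  • Google Analytics for Firebase
  • ML Kit for Firebase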

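Security information

Data encryption

Firebase services encrypt data in transit using HTTPS and logically isolate customer data.

In addition, several Firebase services also encrypt their data at rest:

  • Cloud Firestore
  • Cloud Functions for Firebase
  • Cloud Storage for Firebase
  • Firebase Authentication
  • Firebase Cloud Messaging
  • Firebase Realtime Database
  • Firebase Test Lab

Security practices

To keep personal data safe, Firebase employs a range of security measures to minimize access:

  • Firebase restricts access to personal data to a select set of employees who have a business purpose for accessing it.
  • Firebase logs employee access to systems that contain personal data.
  • Firebase only permits access to personal data by employees who sign in with Google Sign-In and 2-factor authentication.

Still have questions? Contact us

For any privacy-related questions not covered here, contact us through the account services form.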