Firebase Database - Risks associated with exposing uid on the client side?

滥情空心 2020-11-27 07:09

Short question(s): What are the risks/problems if I expose another user's UID on the client side?

My circumstance: I'm building a test Android app that needs to be

1 answer
  • 2020-11-27 08:03

    A UID is just a string. There's no information in it. The piece of secret information is the user's password (which you can never see) and their temporary authentication token, which expires after an hour. The SDK will automatically refresh that token.

    If your security rules are properly set up, there is no problem. If one user knows another user's UID, there's nothing the first user can do to affect the data of the second user if your rules don't allow it. You may want to separate public and private information about users into separate locations so they can have separate security rules, if that's what you need.

    If for some reason you still think that the UID needs to be kept secret, you can generate a different UUID or something to identify the user and use that instead, but I don't know what extra security that will provide.

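A rules layout matching the public/private split the answer suggests, added here as an example and not part of the original answer. It assumes the Realtime Database; the `users_public` and `users_private` paths are hypothetical names.

```json
{
  "rules": {
    // Hypothetical path: profile fields that any signed-in user may read.
    // Knowing another user's UID lets a client read this node and nothing more.
    "users_public": {
      "$uid": {
        ".read": "auth != null",
        // Writes are tied to auth.uid, which comes from the verified
        // authentication token, not from the UID the client puts in the path.
        ".write": "auth != null && auth.uid === $uid"
      }
    },
    // Hypothetical path: data that only its owner may read or write.
    "users_private": {
      "$uid": {
        ".read": "auth != null && auth.uid === $uid",
        ".write": "auth != null && auth.uid === $uid"
      }
    }
  }
}
```

A rule that only checks `auth != null` on the private node would let any signed-in user who knows a UID read that user's data, which is the case where an exposed UID starts to matter.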