1
As with any commercial provider, you don't have any guarantee here. This may be even more so now that Google has acquired Firebase.
Maybe you build an awesome app with Firebase, and in 12 months, Google decides that it just wanted the technology and the team, and shuts down Firebase as an independent service. What will you do?
As far as I can see, the Couchbase project offers similar features and all pieces of the stack are open-source.
How does this help? We can just re-use Couchbase Server and Couchbase SyncGateway. And on top of Couchbase Mobile and their other client libraries (iOS, Android, .NET), one can build a "shim" that maps Firebase's API to the Couchbase API.
The result will be a drop-in replacement for Firebase that is 100% open-source.
Maybe it will be most efficient to continue using Firebase even then. But it's always good to have a safe replacement up your sleeve.
But its relatively open nature comes with another problem, and one may argue that this is its single biggest problem:
Apps that provide zero value to the user without them noticing.
"Virus Shield" is only the latest example [2]. There are myriads of other apps that similarly do "nothing". Most of them are removed, eventually, but at that point, they have already deceived tons of users. As they come up time and again, they collectively do harm to tens (or hundreds) of millions of users.
If you need more examples, search for "Telegram" [3] and see how a single app has deceived 100,000+ users already [4]. Search for "ask.fm" [5] to see the same with 500,000+ users [6].
You can report those apps, but Google is not likely to do anything about it. They're probably employing a system where manual inquiries are only done for the apps reported most frequently. And as users don't notice, they can't report.
One may argue that the the affected companies (Telegram, ask.fm, etc.) must talk to Google here. But it's not just their problem ...
[1] https://news.ycombinator.com/item?id=7544864 [2] http://www.androidpolice.com/2014/04/06/the-1-new-paid-app-in-the-play-store-costs-4-has-over-10000-downloads-a-4-7-star-rating-and-its-a-total-scam/ [3] https://play.google.com/store/search?q=telegram&c=apps [4] https://play.google.com/store/apps/details?id=angryinvadersappstudios.telegramnotesv2 [5] https://play.google.com/store/search?q=ask.fm&c=apps [6] https://play.google.com/store/apps/details?id=com.wAskApp
"chayns" turns Facebook pages into mobile apps for Android, iOS, Windows Phone and Blackberry, automatically, trying to make your profession as a developer obsolete.
On Android alone, the company uses more than 30 developer accounts to push 10,000 apps per week to Google Play [4].
Is this compliant with Google's policies? No [5]. Does Google care? It doesn't seem so.
Today, Google updated its policies for developers, but are they credible at all? "chayns" did also violate against the old version of the Content Policy.
"chayns", in the meanwhile, is filling entire cinema halls with aspiring new developers that are going to spam your app store as well [6].
[1] <http://new.tobit.com/> (German) [2] <http://www.iphone-ticker.de/spam-tobit-software-baut-apps-aus-10-000-facebook-seiten-57671/> (German) [3] <http://www.tobit.com/chayns?lang=eng_us> [4] <https://play.google.com/store/apps/developer?id=Tobit.Software> up to <https://play.google.com/store/apps/developer?id=Tobit.Software+GER31> [5] <https://play.google.com/about/developer-content-policy.html> ("Spam" section) [6] <http://images.vogel.de/vogelonline/bdb/698700/698727/4.jpg>
This is because the mainstream does not care if your cryptography really works. You must only make them comfortable believing it.
Following the WhatsApp acquisition deal, Swiss mobile messenger Threema [1][2] got 200,000 new users within 24 hours [3], each paying at least USD 2,20 for the app in advance.
Threema is proprietary. There is no information as to the protocols and algorithms used. But the public is fine with that.
Not only are users celebrating the app. They feel that convincing their friends to go there is the expression of a new movement, reinforced by the NSA revelations and the WhatsApp deal.
Threema got free press coverage by the most popular and trustworthy newspapers in Germany, including zeit.de, spiegel.de, focus.de, heise.de, stern.de, focus.de, handelsblatt.com and bild.de.
We had that already: Telegram, whose team "consists of six ACM champions, half of them Ph.Ds in math" [4]. Telegram decided to provide open APIs and even start a contest to inspect their cryptography.
As it turns out, this was a mistake: While Telegram has been massively criticized for its contest and rolling their own cryptography [5], closed-source Threema is winning.
After all, people just want to feel save.
[1] https://play.google.com/store/apps/details?id=ch.threema.app [2] https://itunes.apple.com/de/app/threema/id578665578?mt=8 [3] http://bit.ly/1nVb8Y5 (Google Translate) [4] https://news.ycombinator.com/item?id=6916860 [5] http://www.cryptofails.com/post/70546720222/telegrams-cryptanalysis-contest