35
votes
  1. Is there any way to clear data stored in Firebase Database persistence enabled via setPersistenceEnabled(true)?
  2. Or eventually prevent read access to previously stored users data on the device?
  3. And extra question - is there any way to check if any data is waiting to sync?

In my app I want to clear db when user is logging out and he confirm that unsynchronized changes will be removed. This app will be used on tablet by many people, and there'll be many data stored per user, so I want to clear unnecessary data stored on the device to:

  • shrink storage usage
  • prevent unauthorized person from read users data

It's a security flaw because any user, regardless of whether is signed in or not, has read access to all previously downloaded data! Fortunately we haven't write access there.

I tried to clear db on my own, in both offline and online mode, but data still persist on the device:

// first clear all data on my own
FirebaseDatabase db = FirebaseDatabase.getInstance();
db.goOffline(); // even when I clear db in online mode data persist on mobile device
db.getReference().setValue(null);

// and then logout
FirebaseAuth.getInstance().signOut();
db.goOnline();

eg data structure:

{
  "someList": {
    "userId1": {
      "itemId11": {
        "name": "name 11"
      },
      "itemId12": {
        "name": "name 12"
      },
      ...
      "itemId1N": {
        "name": "name 1N"
      }
    }
    "userId2": {
      "itemId21": {
        "name": "name 21"
      },
      "itemId22": {
        "name": "name 22"
      },
      ...
      "itemId2N": {
        "name": "name 2N"
      }
    }
  }
}

my rules:

{
  "rules": {
    ".read": "false",
    ".write": "false",
    "someList": {
      "$uid": {
        ".read": "$uid === auth.uid",
        ".write": "$uid === auth.uid"
      }
    }
  }
}
4
have u tried mRef.keepSynced(false);Sahaj Rana
@SahajRana unfortunatelly adding keepSynced(false) in any place doesn't change anything. Only when I delete last db.goOnline() then I really can't read previous user data. But I can write and read new data as "logged out" user. And after logged in when I call db.goOnline() (to have db in sync) it clears all my old data on backend and at the same tame adds new data added as "logged out" user.wrozwad
Actually when u set setPersistenceEnabled(true) firebase stores the data in cache form on your device so that it could show data when you are offlineSahaj Rana
could u show more code of what u are trying to do.. and What exactly u want not to happen..Sahaj Rana
This is definitely a security flaw and a massive usability flaw. It is causing me no end of chaos, surely there must be some way to manually remove this. It's even worse... after I delete the app entirely (macOS) then reinstall, the persistence cache still remains, and forces updates from that old cache to the server! This is crazyDan Horton

4 Answers

11
votes

Unfortunately there's no supported way to clear the persistence cache. You could try to manually delete the SQLite database used by Firebase Database (should be under /databases/ in your app's data folder), but you'd need to do it before initializing Firebase Database, so you'd have to force the app to restart after signing somebody out or similar.

Regarding knowing if there's "data waiting to sync", assuming you're talking about writes, the only way is to attach CompletionListeners to every write operation you do, and wait for them to complete.

Both of these are things we'd like to improve in future versions of the Firebase Database SDK.

3
votes
    if (Build.VERSION_CODES.KITKAT <= Build.VERSION.SDK_INT) {
        ((ActivityManager) getContext().getSystemService(ACTIVITY_SERVICE))
                .clearApplicationUserData();
    }

source

0
votes

Oh dear what a terrible hack this solution is, I apologise in advance...

This works tho, to clear the local cache:

  • disable persistence

  • take a full copy of the new node, e.g. for user 2

e.g. var copyData = await (await ref.once()).value;

  • enable persistence

  • replace the new node, e.g. user 2, with the copyData

In theory only data which has been changed will be written, which should mean no changes to the realtime database. Meanwhile the local cache is replaced with the data from the server.

I got this approach to work for my needs. It's the basis of a solution, which would be different depending on every use case.

Good luck!