I'm integrating firebase dynamic linking for Android & iOS application. What I found is query parameter I passed in link attribute is not safe. I can copy link form debug detail (by appending ?d=1 at the end of deep link).
My understanding says we should not pass any important information here as query parameter, but is there way to safeguard this !!
Its only as secret as a regular link - so if you wouldn't pass some important detail in a standard URL, then don't put it in a dynamic link. If you have some secret information, it is always best to link that to a proper auth system.
If you write the data into a system like Firestore or the Realtime Database you can use security rules to restrict its access, then pass a reference in the dynamic link parameters. The specifics of what to restrict in the rules will depend on your use case.
