President of the NBU

The GCP project of my @FlutterDev @Firebase app got suspended this weekend for abuse, after a single day of €3,167 in unauthorized Gemini API charges. The root cause turned out to be a #Firebase Hosting default that is hard to know about. Worth sharing what I learned. I thought the Firebase and Google Cloud project was clean and safe. Client uses Firebase AI Logic (proxy, no on-device Gemini key) with App Check via Play Integrity / App Attest. The suspension email said "key published on public sources." But: my GitHub repo is private and was never public. flutter build web was never run for this project. Where was the leak surface? Google AI Studio showed three Gemini-callable keys. Two tight (server-side). One was a "Browser key (auto created by Firebase)" — Unrestricted, since Nov 2024. That was the web app in my generated firebase_options.dart, from when I configured Flutter web at project init. Here's the part I didn't know about: Firebase Hosting auto-serves your web SDK config at a reserved URL — https://.web.app/__/firebase/init.json — as plain JSON, unauthenticated, to anyone. It includes apiKey, appId, projectId, authDomain. This endpoint is active whenever you have (a) a registered web app in Firebase Console + (b) any Hosting deploy. Contents of the deployed site are irrelevant. Mine was a simple CSS landing page that doesn't reference Firebase JS SDK at all. Endpoint leaked the key anyway. Bots scrape *.web.app/__/firebase/init.json because the pattern is universal across every Firebase project. Mine got picked up, the key was Unrestricted (= usable for any enabled API), and someone burned €3K of Gemini inference in a few hours. Project reinstated after appeal; outstanding balance still in review. Lessons I missed: - Auto-generated browser keys are Unrestricted by default (at least the time project was created). Always add HTTP referrer + API restrictions at creation. - Don't register a web app unless you use the JS SDK. - Set a Gemini spend cap + budget alert. €100/day cap. You can easily do this in Google AI Studio What I would ask the Firebase team: — Browser keys should default to restricted (HTTP referrer to project domains, API restriction to Firebase services) -> not sure this has changed after the date I created the project. — Reserved __/firebase/init.json should be opt-in. Static websites hosted with Firebase Web hosting do not need the API key info. — Firebase Console should warn when a key has been Unrestricted for >N days. Google AI Studio warns when you visit API keys page, but it should be visible on homepage. — Default-on spend caps for Generative Language API. TLDR; "Private repo" is not a meaningful security boundary when the key has another publicly-reachable surface. Audit not just your code, but every endpoint your project ID exposes including the ones the platform creates for you without telling you. Always manually verify API restrictions.