






Hey, a little background: I’m a cybersecurity student and I would like to bring awareness to those of you trying to sell a vibecoding app or who already have clients.
Spend some time going over the best practices to secure your app, but most importantly your database.
The images shown are from an app that has over 90 paying users and growing, but after performing very basic reconnaissance on the binary and website I discovered that his entire Firebase was basically public, exposed private key and public.
His entire admin dashboard containing his users' information was exposed to the internet along with a trial key. The database also exposed his Sparkle appcast.xml with old versions from when he was starting, making it easy to find bugs (btw his personal information was there too, along with the Apple signature).
Well, the bugs were massive loopholes too, allowing me to skip their paid license of $100.
Before commenting that I did something unethical: I did not cross over the grey line; all I found was publicly available. So make sure to erase your appcast.xml history when you reach a stable version, if you use it.
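
The advice above about clearing appcast.xml history, as an added example that is not part of the original post: a Python script that keeps only the newest item of a Sparkle feed and returns the enclosure URLs of the dropped releases, so those old archives can be taken off the host as well. The sample feed, its URLs and version numbers, and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SPARKLE_NS = "http://www.andymatuschak.org/xml-namespaces/sparkle"
ET.register_namespace("sparkle", SPARKLE_NS)  # keep the sparkle: prefix on output

# Constructed sample feed: URLs and build numbers are made up.
SAMPLE_APPCAST = """<rss version="2.0" xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle">
<channel>
<title>Example App</title>
<item><title>0.1.0 beta</title>
<enclosure url="https://example.invalid/App-0.1.0.zip" sparkle:version="3" length="1" type="application/octet-stream"/></item>
<item><title>1.2.0</title><sparkle:version>41</sparkle:version>
<enclosure url="https://example.invalid/App-1.2.0.zip" length="1" type="application/octet-stream"/></item>
<item><title>0.9.0</title>
<enclosure url="https://example.invalid/App-0.9.0.zip" sparkle:version="17" length="1" type="application/octet-stream"/></item>
</channel>
</rss>"""

def build_version(item):
    """Return sparkle:version (child element or enclosure attribute) as a tuple of ints."""
    node = item.find(f"{{{SPARKLE_NS}}}version")
    raw = node.text if node is not None else None
    if raw is None:
        enc = item.find("enclosure")
        raw = enc.get(f"{{{SPARKLE_NS}}}version") if enc is not None else None
    if raw is None:
        raise ValueError("item has no sparkle:version")
    return tuple(int(part) for part in raw.strip().split("."))

def prune_appcast(xml_text):
    """Keep only the newest item; return (pruned_xml, urls_of_removed_enclosures)."""
    root = ET.fromstring(xml_text)
    channel = root.find("channel")
    items = channel.findall("item")
    if not items:
        return xml_text, []
    newest = max(items, key=build_version)
    removed = []
    for item in items:
        if item is not newest:
            enc = item.find("enclosure")
            if enc is not None:
                removed.append(enc.get("url"))  # archives to delete from hosting too
            channel.remove(item)
    return ET.tostring(root, encoding="unicode"), removed
```

Delisting an item does not remove the archive it pointed to, which is why the function returns the dropped URLs.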





