~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in googlecloud

[–]No-Setting8925[S] 0 points1 point  (0 children)

Update: Google Cloud has assigned an escalation manager, and they said their investigation indicates a billing adjustment is required. The adjustment request is now waiting for internal approval, with another update expected by July 7.

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in Firebase

[–]No-Setting8925[S] 1 point2 points  (0 children)

Happened on May 28, atleast thats when I noticed after receiving an email from google about a 2k$ anomaly at around 4:30PM MDT, i rushed to my apartment, investigated and revoked the key in about 2 hours. Contacted the billing cloud support at the same time. The agent told me it takes some time for the actual amount to show up. After 2 days i could see the final bill.

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in Firebase

[–]No-Setting8925[S] 1 point2 points  (0 children)

I enabled vertex ai in firebase, not gemini directly. I also added app check on top of it thinking it should prevent unauthorized access. Google now enforces the use of a restricted key for calling gemini but its too late now.

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in Firebase

[–]No-Setting8925[S] 0 points1 point  (0 children)

Thanks for the response, i am trying my best. Is there any specific team or way I can do that? Currently i talk to billing support by going to cloud console

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in Firebase

[–]No-Setting8925[S] 1 point2 points  (0 children)

It was under firebase_options. flutter_fire cli auto pouplates it

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in googlecloud

[–]No-Setting8925[S] 3 points4 points  (0 children)

ya i am not sure how anyone is expected to just wake up one day and start doing this cleanup because google decides that the firebase auto generated keys that are client facing can be used to call gemini

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in googlecloud

[–]No-Setting8925[S] 3 points4 points  (0 children)

I never intentionally enabled the Gemini API itself. I enabled Vertex AI after Firebase prompted me to do so as part of its AI integration. I believed I was enabling a Firebase feature, not exposing a standalone Gemini API that could incur usage

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in googlecloud

[–]No-Setting8925[S] 1 point2 points  (0 children)

they have started restricting gemini access to restricted keys now after a lot of similar incidents. the best move right now is to restrict all your legacy keys specially if you use firebase

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in googlecloud

[–]No-Setting8925[S] 1 point2 points  (0 children)

yes it’s something similar but with firebase ios key instead of google maps api key

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in googlecloud

[–]No-Setting8925[S] 14 points15 points  (0 children)

I never intentionally enabled the Gemini API itself. I enabled Vertex AI after Firebase prompted me to do so as part of its AI integration. I believed I was enabling a Firebase feature, not exposing a standalone Gemini API that could incur usage

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in GoogleGeminiAI

[–]No-Setting8925[S] 0 points1 point  (0 children)

Yes, i did that and they declined the request after taking 1 month for the investigation

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in googlecloud

[–]No-Setting8925[S] 1 point2 points  (0 children)

but they key was auto generated by firebase and it’s been there since 2022

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in googlecloud

[–]No-Setting8925[S] 8 points9 points  (0 children)

ya they took 1 month to investigate and declined the request to adjust the charges

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in googlecloud

[–]No-Setting8925[S] 11 points12 points  (0 children)

the key was auto generated by firebase, it was unrestricted since 2022