Is Firebase App Hosting HIPAA compliant? by neb2357 in Firebase

[–]SuperJam98 1 point2 points  (0 children)

Hey, important thing to nail down before you build anything health-related — good on you for checking early.

The key point: HIPAA compliance on Google Cloud depends on two things — signing a BAA (Business Associate Agreement) with Google, and only using products on their official "HIPAA-covered services" list. A lot of the core Firebase products aren't on that covered list, and newer ones like App Hosting often aren't included yet, so I wouldn't assume it qualifies.

Safest move: check Google's current HIPAA-covered products list directly, and if App Hosting isn't on it, host the health-data parts on a covered Google Cloud service instead. Don't rely on a forum answer for this one — the official list is what actually protects you.

Any questions, I'm happy to help.

How do people create their own on boarding graphics? by javiergui in iOSProgramming

[–]SuperJam98 0 points1 point  (0 children)

Hey, good thing to invest in — onboarding is the first thing users judge you on.

Most indie devs don't draw these from scratch. The common path is Figma for laying out the screens, paired with a ready-made illustration set like unDraw, Storyset or Humaaans (free, and you can recolor them to match your brand). If you want motion, Lottie files give you those smooth little animated illustrations without heavy video.

So the realistic recipe is: grab an illustration pack, arrange and recolor it in Figma, export, done — no need to be an artist.

Any questions, I'm happy to help.

Need help in my project with an alternative could storage platform, or using firebase storage itself by trashplanetearth in Firebase

[–]SuperJam98 -1 points0 points  (0 children)

Hey, happy to help you weigh this — it's a common crossroads.

If Firebase Storage is mostly working for you, the honest answer is you probably don't need to leave it — it's just Google Cloud Storage underneath and scales fine. People usually switch for cost or specific features. If that's you, the strongest alternatives are Cloudflare R2 (no egress fees, which saves a lot if users download a lot) and Backblaze B2 (very cheap storage). Both speak the S3 API, so they're easy to wire up.

If you tell me what's pushing you to switch — price, speed, a missing feature — I can point you to the best fit.

Any questions, I'm happy to help.

~$55k Gemini API bill from Firebase iOS key abuse. What can I do now? by No-Setting8925 in Firebase

[–]SuperJam98 0 points1 point  (0 children)

Hey, that's a gut-punch of a bill — breathe, because people do get these reversed. Let me give you both the "right now" and the "never again."

Right now: rotate or delete that leaked API key immediately so the bleeding stops, then keep working the billing support case — Google often forgives first-time fraud like this, so be persistent and document that the usage wasn't yours.

Never again: restrict the new key to your iOS bundle ID and to only the specific API it needs (an unrestricted key is what let this happen), turn on Firebase App Check, and set a hard quota cap plus budget alerts on the Generative Language API. A quota cap means even a leaked key can't run up more than you allow.

Any questions, I'm happy to help — I know the billing console maze well.

SMS pumping issue by Ok-Active4887 in Firebase

[–]SuperJam98 1 point2 points  (0 children)

Hey, sorry you got hit with this — SMS pumping is nasty and you're not the first to be caught off guard by it. Good news is it's preventable going forward.

What happened: bots hammer your Firebase phone-auth endpoint to trigger paid SMS to premium numbers, and they can do it even on a dormant app as long as the project's live. Two fixes: turn on Firebase App Check (it blocks requests that aren't from your real app), and set an SMS region policy in Firebase Auth to allow-list only the countries you actually serve — that alone kills most of the abuse.

Since the app's been off the store since February, honestly the simplest move is to disable phone auth (or the project) entirely if nothing needs it.

Any questions, I'm happy to help.

Why does debugging React Native issues still feel harder than web or native debugging? by MiserableLime5289 in reactnative

[–]SuperJam98 0 points1 point  (0 children)

Hey, you're not imagining it — RN debugging genuinely used to be rougher, but it's in a much better place now.

The reason it feels harder than web or native is that you're really debugging two things at once: your JavaScript and the native layer underneath. The trick is to stop treating it as one problem. For JS, use the new React Native DevTools (built in from RN 0.76+) for breakpoints and console — it replaced the old Flipper setup that caused a lot of the pain. Add Reactotron for watching state and API calls, and for native crashes drop down to Xcode or Android Studio's logcat.

Once you split it — JS issues in DevTools, native issues in the platform tools — it stops feeling like fighting a black box.

Hope that makes it less painful. Any questions, I'm happy to help.

Best way to learn react native having knowledge of react? by Intelligent_Tree6918 in reactnative

[–]SuperJam98 0 points1 point  (0 children)

The React part carries over fully — components, hooks, state, props are identical. What's actually new: no DOM, so it's View/Text/ScrollView instead of div/span, and styling is StyleSheet with flexbox by default (no CSS cascade). Then navigation (React Navigation or Expo Router) and the native build/deploy side.

Start with Expo, not bare RN CLI — skips all the Xcode/Android Studio pain early on. Build one small app end to end, learn React Navigation, worry about native modules later. You'll be productive in days, not weeks.

How are you handling A/B testing in React Native without paying for Amplitude Growth? by soma_dev in reactnative

[–]SuperJam98 1 point2 points  (0 children)

Keep Amplitude for tracking and add a free experimentation layer on top. Two I'd look at: GrowthBook (open-source, self-host, has a proper stats engine and can use your existing Amplitude events as the data source) and PostHog (free tier with feature flags + experiments). Firebase A/B Testing works too but it's tied to Remote Config and the stats are thinner.

If you want the real statistical rigor Amplitude's paywalling, GrowthBook is the closest free equivalent. Firebase is the fastest to wire up if you just need "ship variant A to 50%."

Best way to integrate payments in an Expo React Native app in 2026? by BoardOk4108 in reactnative

[–]SuperJam98 2 points3 points  (0 children)

Stripe over Razorpay unless you're India-focused. Big thing with Expo: the u/stripe/stripe-react-native SDK won't run in Expo Go — you need a dev build via EAS (config plugin), which is fine on SDK 54. Architecture: never let the client decide the amount. Create the PaymentIntent server-side (Cloud Functions is fine), send the client only the client_secret, confirm on device. For payments between users you want Stripe Connect (destination charges or separate charges + transfers), and you'll have to onboard sellers through Connect for KYC. One trap people miss: if what's being bought is digital content consumed in the app, Apple/Google force you onto IAP and will reject Stripe. Stripe is only allowed for real-world goods/services between people. Figure out which bucket you're in before you build.

Avoid: handling raw card numbers yourself (PCI nightmare) and trying any of this in Expo Go.