This document contains a checklist of things to consider before launching a Firebase app to production.
Update your connected apps
Android Add a release SHA1 fingerprint for Android apps in the Firebase console (for OAuth client IDs).
iOS Update your App Store ID and Bundle ID and Team ID (if necessary) for your iOS apps.
Web Add whitelisting for your domains to prevent unauthorized usage. - Whitelist your production domain for browser API keys and client IDs in the Google Developer Console. - Whitelist your production domain in the Auth tab of the Firebase console panel.
Know your plan limits
All The Realtime Database, Storage, and Hosting features have hard usage caps on the Spark and Flame plans. Hitting these limits may mean that your app stops working as you intend. Consider upgrading to the Blaze plan to remove these limits. See the pricing page for more details.
All Ensure any experimental Remote Config rules don't affect your release users, and that appropriate defaults are distributed in your app.
All Define audience parameters for Analytics to start collecting users from launch.
iOS Be sure to upload your APNS Auth Key for Cloud Messaging on iOS in the Firebase console. If using APNS certificates, ensure that your production APNS certificate is uploaded.
Android Upload proguard mapping for release builds for use in Crash Reporting.
iOS Upload dsym file for release builds for use in Crash Reporting.
Android Configure your proguard rules to work with the Realtime Database.
All Configure your Firebase Database Rules to prevent unintentional data access.
All Ensure you're ready to scale. The Realtime Database has default quota large enough for most applications, but some apps may need extra capacity.
Android Make sure your release build uses ProGuard for code shrinking. Without ProGuard the Cloud Firestore SDK and its dependencies can add as much as 1MB to your APK size.
All Configure your Security Rules to prevent unintentional data access.
All Configure your Storage Security Rules to prevent unintentional data access.
Android Configure your proguard rules to work with Authentication.
iOS Ensure you have error handling on iOS for common errors.
All Disable providers you aren't using (especially anonymous users in Firebase console).
All If using Google Sign In, personalize your OAuth consent screen.
All Customize your domain and sender for the Authentication email sending service.
Android Run Android apps through Test Lab to check for last minute bugs.
All Create Dynamic Links for key new features to use in promotional material and social media.