Skip to main content

Firebase Production Checklist for React Native Apps

Before you publish a React Native app that uses Firebase, verify the project, rules, backend, billing, secrets, and release builds. This checklist is designed for Instamobile apps, but it applies to most Firebase-backed React Native apps.

Quick Answer

Do not publish with demo Firebase credentials. Before release, use your own Firebase project, production bundle IDs/package names, locked-down Firestore and Storage rules, deployed Functions, configured secrets, budget alerts, App Check, push credentials, and a verified production build.

1. Project And Environments

  • Create or choose the production Firebase project.
  • Keep development/staging separate from production when possible.
  • Confirm the app does not use Instamobile demo credentials.
  • Confirm the production Firebase project is selected in the Firebase CLI:
firebase projects:list
firebase use
  • Confirm the project owner and billing owner are production team accounts, not a temporary developer account.

2. iOS And Android Apps

  • Add the iOS app in Firebase Console with the production bundle identifier.
  • Add the Android app in Firebase Console with the production package name.
  • Download the production GoogleService-Info.plist.
  • Download the production google-services.json.
  • Replace config files in the correct app target.
  • Rebuild the native app after replacing config files.

3. Authentication

  • Enable only the Auth providers the app actually uses.
  • Configure authorized domains when required.
  • Configure Apple Sign In in Apple Developer if used.
  • Configure Facebook Login in Meta Developer if used.
  • Configure phone authentication and quota/cost expectations if used.
  • Test sign-up, sign-in, sign-out, and account deletion flows.

4. Firestore

  • Enable Cloud Firestore.
  • Deploy production Firestore rules.
  • Deploy firestore.indexes.json if the app package includes it.
  • Import seed data only if the app needs initial content.
  • Verify queries use pagination or limit() on large collections.
  • Test common reads and writes with a real authenticated user.
  • Check Firebase Console for missing index links after running the app.
firebase deploy --only firestore:rules
firebase deploy --only firestore:indexes

5. Storage

  • Enable Firebase Storage if the app uploads media.
  • Deploy production Storage rules.
  • Verify profile photo, post media, product image, and chat attachment upload flows if the app supports them.
  • Compress images or generate thumbnails when the app handles large media.
  • Confirm failed post/order creation does not leave orphaned media.
firebase deploy --only storage

6. Firebase Functions

  • Confirm whether the app package includes a firebase/functions folder.
  • Install Functions dependencies.
  • Configure required secrets and environment variables.
  • Confirm the Functions region matches the app code or update the app client to call the deployed region.
  • Deploy Functions to the production Firebase project.
  • Check logs after exercising the app.
firebase deploy --only functions
firebase functions:log

7. Secrets

  • Store private keys in Firebase Functions secrets or another backend secret manager.
  • Do not store private keys in React Native source code.
  • Use production provider credentials for production builds.
  • Rotate any credential that was committed, shared, or exposed.

Common secrets:

  • OpenAI API key;
  • Stripe secret key;
  • Stripe webhook secret;
  • Twilio auth token;
  • email/SMS provider keys;
  • moderation provider keys.

8. App Check

  • Decide which App Check providers to use for iOS and Android.
  • Register production apps in Firebase App Check.
  • Test App Check in monitoring mode before enforcement.
  • Enforce App Check only after production builds send valid tokens.

Warning App Check protects backend resources from requests that do not come from valid app instances. It complements Firebase Authentication; it does not replace user authentication or Firestore/Storage rules.

9. Billing And Cost Controls

  • Choose the correct Firebase pricing plan.
  • Upgrade to Blaze if the production feature set requires it.
  • Configure budget alerts.
  • Review Firestore reads/writes after smoke testing.
  • Review Storage downloads after media testing.
  • Review Functions invocations and errors after smoke testing.

10. Push Notifications

  • Configure APNs for iOS if the app sends push notifications.
  • Configure Firebase Cloud Messaging for Android.
  • Verify notification permissions on a real device.
  • Test background, foreground, and killed-app notification behavior.
  • Verify notification triggers from Functions if the app uses backend push.

11. Release Build Verification

  • Build a release iOS app.
  • Build a release Android app.
  • Sign in with a production Firebase test account.
  • Create/read/update/delete the main app entities.
  • Upload and display media.
  • Test payments or AI flows if included.
  • Test push notifications on physical devices.
  • Check Firebase logs after the smoke test.

Troubleshooting

Release build still connects to demo Firebase

Search for all Firebase config files and replace the files in the actual build target. Clean and rebuild the native app.

find ios android -name "GoogleService-Info.plist" -o -name "google-services.json"

Function logs show missing secrets

Set the secret, confirm the function binds it, and redeploy the function.

firebase functions:secrets:set SECRET_NAME
firebase deploy --only functions

Reads work in debug but fail in release

Check Firebase config files, Auth state, App Check enforcement, Firestore rules, and whether the release build uses the expected bundle ID/package name.

Uploads fail only in production

Check Storage rules, App Check enforcement, file size, media compression, Functions processing, and billing status.

Next Steps