Security concern: Vertex AI in Firebase requires no user authentication? #8558
marcoancona started this conversation in General
Replies: 0 comments
The premise of Vertex AI in Firebase is great: being able to call AI APIs from the client side without the hassle of implementing a custom authentication layer.
According to our early tests with Vertex AI in Firebase, however, the API calls to Google services expose the Firebase API Key (which is stored client-side, by design). And the API Key is everything you need to call the Gemini APIs 😳.
It seems this makes it super easy to steal the API keys of another product and use them to get access to the expensive Gemini APIs.
The documentation recommends setting up App Check, but this is 1) not mandatory, 2) not easy to set up, and 3) not practical for some environments (see Electron apps).
I would have expected a way to limit access to the APIs to authenticated users, with per-user quotas and some form of security rules similar to Firestore. But as far as I can see, no such concept exists for Vertex AI.
Unless I missed something, it seems that these defaults and the lack of better tools to control access will push many Firebase users to leak access to their AI APIs to the world, intentionally or unintentionally.
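The post says the client-side calls carry the Firebase API key and that App Check is the only recommended mitigation. One concrete way to verify what your own app is actually sending is to export the browser's Network tab as a HAR file and audit the Gemini calls in it. The script below is an added example written for this discussion, not code from the post, from Firebase, or from the Vertex AI SDK. It assumes the SDK talks to a host ending in `firebasevertexai.googleapis.com`, passes the key in an `x-goog-api-key` header (or a `key` query parameter) and, when App Check is configured, adds an `X-Firebase-AppCheck` header; those three names are assumptions about the wire format, and the capture entries are constructed, with no real keys or tokens.

```javascript
// Added example, not part of the original discussion or of Firebase.
// Audits a HAR-style list of captured requests and flags Gemini calls that
// carry only the Firebase API key and no App Check token.
// Assumptions about the SDK wire format (not taken from the post):
const VERTEX_HOST_SUFFIX = "firebasevertexai.googleapis.com"; // assumed endpoint
const API_KEY_HEADER = "x-goog-api-key";                       // assumed header
const API_KEY_QUERY = "key";                                   // assumed query param
const APP_CHECK_HEADER = "x-firebase-appcheck";                // assumed header

// Case-insensitive header lookup over HAR-style [{name, value}] arrays.
function headerValue(headers, name) {
  const wanted = name.toLowerCase();
  for (const h of headers) {
    if (h.name.toLowerCase() === wanted) return h.value;
  }
  return null;
}

// Returns null for requests that are not Gemini calls, otherwise a verdict.
function classifyRequest(entry) {
  const url = new URL(entry.request.url);
  if (!url.hostname.endsWith(VERTEX_HOST_SUFFIX)) return null;
  const headers = entry.request.headers || [];
  const apiKey =
    headerValue(headers, API_KEY_HEADER) || url.searchParams.get(API_KEY_QUERY);
  const appCheckToken = headerValue(headers, APP_CHECK_HEADER);
  return {
    url: entry.request.url,
    apiKeyExposed: apiKey !== null,
    appCheckToken: appCheckToken !== null,
    // A token on the wire only shows the client attached one; whether the
    // backend rejects calls without it depends on enforcement being turned on.
    verdict: appCheckToken !== null ? "app-check-token-present" : "api-key-only",
  };
}

// Walks a HAR `log.entries` array and keeps only the Gemini calls.
function auditCapture(entries) {
  const results = [];
  for (const entry of entries) {
    const verdict = classifyRequest(entry);
    if (verdict) results.push(verdict);
  }
  return results;
}

// Counts the calls that would be callable by anyone holding the API key.
function countUnprotected(entries) {
  return auditCapture(entries).filter((r) => r.verdict === "api-key-only").length;
}

// Constructed sample capture (fake key and token, no real project).
const SAMPLE_ENTRIES = [
  {
    request: {
      url: "https://firebasevertexai.googleapis.com/v1beta/projects/demo/locations/us-central1/publishers/google/models/gemini-1.5-flash:generateContent",
      headers: [
        { name: "Content-Type", value: "application/json" },
        { name: "x-goog-api-key", value: "AIza-FAKE-KEY-FOR-EXAMPLE" },
      ],
    },
  },
  {
    request: {
      url: "https://firebasevertexai.googleapis.com/v1beta/projects/demo/locations/us-central1/publishers/google/models/gemini-1.5-flash:generateContent",
      headers: [
        { name: "Content-Type", value: "application/json" },
        { name: "x-goog-api-key", value: "AIza-FAKE-KEY-FOR-EXAMPLE" },
        { name: "X-Firebase-AppCheck", value: "eyJhbGciOi.FAKE.TOKEN" },
      ],
    },
  },
  {
    request: {
      url: "https://example.com/static/app.js",
      headers: [],
    },
  },
];

// Stand-alone run: print the verdicts for the constructed capture.
console.log(JSON.stringify(auditCapture(SAMPLE_ENTRIES), null, 2));
console.log(`unprotected Gemini calls: ${countUnprotected(SAMPLE_ENTRIES)}`);
```

Point the script at a real HAR export (`JSON.parse(har).log.entries`) after enabling App Check to confirm the token is actually attached. Note the caveat encoded in the verdict: seeing the header proves the client sends a token, not that the service refuses requests without one; enforcement is a separate per-service switch on the Firebase side, so a stolen API key keeps working until that switch is on.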