u/greenarez

Android app auth migration while Google Cloud project suspended

Hello!

I have a project suspended because of "hijacking". The saddest part is that this key was most likely generated by Firebase itself and used in some AI features inside it. And the hijacking happened because this key for some reason was equal to the app public key.

I appealed more than 20 days ago, but still no luck. Just no answer (although I deleted this key and rotated the Firebase key).

So the question is, has anyone migrated from GC in their Android apps while their GC project is suspended? Or, maybe, I need to wait while they answer the appeal?

I'm mostly scared because of possible consequences for the app, as the algorithm may think I'm trying to bypass the suspension. Although I want to migrate to my own, self-hosted auth/db mechanism.

u/greenarez — 7 days ago

App migration to own backend while suspended in GC

u/greenarez — 7 days ago

Suspension because of Firebase app api key

Hello all.

Same as many here, my Google Cloud project was suspended due to "associated with abusive activity consistent with hijacking".

To be clear, the day before suspension, I received an email that stated "Publicly accessible Google API key for Google Cloud Platform". I don't get it, because you know it's the public key itself that is written in google-services.json; you need to download it from Firebase and put it in your app. Also, I live near a frontline in Ukraine, and that day was quite loud, so I didn't have much time to investigate.

At that moment, I didn't know that Firebase rotated these keys, and if I tried to download a new google-services.json, it would be different.

So on the next day (April 21), my project was suspended, and any part of the project started to reroute to the appeal page. I started to search for the reason and found it in Google AI Studio. Some autogenerated key matched my app's public client API key. So I deleted it immediately.

Just to be clear, I received a warning from Google Cloud, not Google AI Studio, but in it, the key was marked with a warning.

I filed an appeal and wrote when this key may have been generated (possibly while testing Firebase AI Studio or other AI functions), and that I've deleted it permanently.

  • After 2 days, I received a generic message that asked for the same information I provided in my appeal. I panicked a little, so I sent a few follow-ups with all I knew.
  • After 10 days, no response at all, so I sent one more follow-up.
  • On day 15, I filled out one more appeal form, stating everything I could.

And today is day 18 of the suspension. My project is still suspended, and my app users are affected. Losing users and money.

For now, I don't know what to do because I can't launch a new login system, as I don't have access to data in the old one, and I can't be sure that Google Bot will not think that I'm trying to bypass the restriction.

Has anyone here had a similar case and been able to reinstate the project? How long did it take to get a real response from Google?

edit: made it shorter
edit2: structured a little

u/greenarez — 14 days ago

Hello!

I have a project suspended because of "hijacking". The most fun part is that this key was generated by Firebase and used only once in AI Studio. And the hijacking happened because this key for some reason was equal to the app public key.

I appealed more than a week ago, but still no luck. Just no answer (although I deleted this key and rotated the Firebase key).

So the question is, has anyone migrated from GC in their Android apps while their GC account is suspended? Or, maybe, I need to wait while they answer the appeal?

I'm mostly scared because of possible consequences for the app, as the algorithm may think I'm trying to bypass the suspension. Although I want to migrate to my own, self-hosted auth/db mechanism.

u/greenarez — 18 days ago