SECURITY & PRIVACY

OUR COMMITMENT

Frontend Protection (Flutter + Dart)

Native Compilation and Obfuscation

MyScraper is built with Flutter and compiled into native binaries, making it much harder to reverse engineer. Additionally, we use code obfuscation techniques that further mask our application’s structure and logic to protect sensitive components.

Secure Key Management

We never store API keys (for Firebase, Alchemy, and other services) directly in our source code. Instead, we rely on secure methods, such as encrypted environment variables or Firebase Remote Config, to load these credentials at runtime. This approach prevents unauthorized parties from discovering and exploiting these keys in the event of a code leak.

Client-Side Validation

While MyScraper implements basic input checks on the frontend—such as validating user inputs for convenience—all critical security checks are handled by secure backend services. This separation ensures that even if attackers tamper with the app, they cannot bypass important validations performed on the server.

Secure Communication (Network/API)

HTTPS Encryption

We enforce HTTPS for all communication between MyScraper, Firebase, and Alchemy’s API. This ensures data in transit, including user credentials and blockchain-related requests, is encrypted and protected from eavesdropping or interception.

Restricted API Keys

Our API keys for Alchemy and other services are configured with domain or IP restrictions where possible. This limits the environment in which keys can be used, reducing the risk of unauthorized or malicious use.

Firebase Security

Firebase Authentication

MyScraper uses Firebase Authentication to securely manage user sign-ins. We support multiple login methods (e.g., email/password, Google). Each authenticated user receives a secure token that our backend checks before granting access to resources, ensuring that only authorized users can interact with the system.

Firestore Security Rules

We implement stringent Firestore rules to control which data each user can read and write. These rules are regularly updated to reflect MyScraper’s evolving functionality and to address potential security gaps, ensuring that user data and notifications remain protected at all times.

Cloud Functions

Whenever we need to perform sensitive tasks, like processing large volumes of blockchain transaction data or running advanced business logic, we rely on Firebase Cloud Functions. These server-side functions can only be triggered by authenticated requests, keeping the most critical processes out of reach of unauthorized manipulation.

Scraper Abuse Prevention

Usage Limits

To avoid excessive or malicious use of MyScraper’s transaction monitoring features, we implement rate limits and quotas per user or session. Users exceeding these limits may be temporarily throttled or blocked, safeguarding the platform’s performance and availability for everyone.

Input Sanitization

Before our app processes any user-provided data (such as addresses or custom filters for transactions), we apply thorough validation and sanitization. This reduces the risk of injection attacks or any misuse that could compromise our system or partner APIs.

Monitoring and Alerts

We closely monitor usage metrics—like request volume and error rates—to detect suspicious patterns. Automatic alerts notify our team of any unusual behavior, enabling quick investigation and response to potential threats.

Best Practices and Additional Security Measures

Firebase App Check

We enable Firebase App Check to confirm that requests to our backend and database services originate specifically from the genuine MyScraper application, preventing unauthorized clients or automated bots from misusing our resources.

Role-Based Access Control

MyScraper’s architecture allows us to assign different permission levels (e.g., admin, standard user). This ensures each user can only view and manage the data they are authorized to handle, minimizing the impact of any single account being compromised.

Logging and Monitoring

We maintain extensive logs of system events, API calls, and user actions. These logs are continuously monitored, and our security team conducts regular audits to detect anomalies. Should a security incident occur, our logging infrastructure enables swift troubleshooting and remediation.

By integrating these robust measures—across the frontend, backend, and the communication layers—MyScraper provides a secure environment for receiving real-time blockchain transaction notifications, safeguarding both user data and our internal systems against evolving threats.