Firefoo Security

Firefoo Security

To provide the greatest level of security for your connection secrets and data, Firefoo is a stand-alone desktop application that connects to Google directly using the public REST and RPC APIs. Firefoo does not have a custom backend. It uses locally stored credentials to connect to your Firebase.
Firefoo pings our server at to check for updates and license validity. No data, no secrets and no usage statistics are sent with these requests.

Application State

Firefoo saves its application state to your file system. This state contains parts of your data and your connection secrets such as Google account tokens and service account keys. The application state is saved to:
  • Mac and Linux: $HOME/.firefoo
  • Windows: %userprofile%/.firefoo


Additionally, Firefoo saves logs, which may also sometimes contain secret information, at this location:
  • Mac: $HOME/Library/Logs/Firefoo/
  • Windows: %USERPROFILE%\AppData\Roaming\Firefoo\logs
  • Linux: $HOME/.config/Firefoo/logs