All data transmission happens over secure communication channels (over HTTPS).
The app does not have any issues with its authentication APIs.
An attacker (malicious app of attacker required on user's phone) can potentially access user data due to insecure Firebase services.
The app allows the users to edit their information in the app.