I’m hoping to get clarification from the Firebase Studio team, as well as hear from others who may have encountered this.
When opening my workspace, I received the following message:
Error opening workspace: We’ve detected suspicious activity on one of your workspaces. Please contact support for further assistance
After opening a support ticket, I was instructed to share my most recently opened workspace with an account in the following format:
fire.studio.{nnnn}@gmail.com
(where {nnnn} is a 4-digit number)
I understand that investigating “suspicious activity” may require deeper inspection, but I’m struggling to understand whether this is the official and recommended workflow, especially from a security perspective.
Specifically:
- The account uses a
gmail.comdomain, which makes it difficult for users to independently verify that it is an internal, restricted investigation account. - My workspace contains a .env file with sensitive environment variables, and granting workspace access could potentially expose secrets.
- I have no clear indication of what triggered the “suspicious activity” flag, nor whether sharing the entire workspace is the only available resolution path.
I’m not trying to question the intent of the support team. Rather, I’d like to understand:
- Is sharing a workspace with a
gmail.comaccount an official Firebase support practice for this type of investigation? - How is access to sensitive files (such as .env) handled or restricted during such reviews?
- Are there alternative approaches (e.g., log-based analysis or scoped access) that avoid exposing confidential configuration?
If anyone from the Firebase Studio team could clarify the intended process here, it would be very helpful—not just for me, but likely for other users who encounter the same error in the future.
Thanks in advance for any insight or guidance.