I am new flutter developer and use firestore as my server, my question is for my flutter app I want to check user’s subscription status, so I can get it via
CustomerInfo customerInfo = await Purchases.getCustomerInfo();
Should I then pass this value
customerInfo.entitlements.all[entitlementID]?.isActive
directly to my cloud function to calculate different methods based on user’s subscription status, or I need to move revenuecat code part in cloud function, in case someone can hack my code and always pass TRUE value to my cloud function? Thanks!
Any part of your application code that runs on a user's hardware is possible to change, fake, or eliminate entirely. The only secure way to run any code is on a backend you control, such as your Cloud Function.
Whether or not you should do this work on your frontend or backend is up to you - you decide if it's worth risking a problem with the code being run differently than you coded it. If it's a matter of user entitlements or billing, then consider if you want the user to bypass your controls (you probably don't).