Hey, @dimitri320,
One of the solutions I see here is offloading that from the app to Firebase Cloud Functions, and you can set a more strict set of security rules and then bypass them using the admin SDK.
One thing to keep in mind if you’re calling those functions from the phone is that if the user’s app crashes mid-way, you’ll end up with a buggy listing.
To advice on how to set up your Firebase Security Rules, I’d need to know more about you’re database structure.