Hello,
As detailed in
Understand Firebase projects, the contents of google-services.json should be considered public but should be obscured where possible (such as not including them in version control) and data accessible from the contained information should be protected (where applicable) by Firebase Security Rules.
In Full:
"The content of the Firebase config file or object is considered public, including the app's platform-specific ID (Apple bundle ID or Android package name) and the Firebase project-specific values, like the API Key, project ID, Realtime Database URL, and Cloud Storage bucket name. Given this, use Firebase Security Rules to protect your data and files in Realtime Database, Cloud Firestore, and Cloud Storage.
For open source projects, we generally do not recommend including the app's Firebase config file or object in source control because, in most cases, your users should create their own Firebase projects and point their apps to their own Firebase resources (via their own Firebase config file or object)."