I'm wanting to use CloudKit public storage to power a messaging app. All messages would be stored on the public storage, with the sender and recipient Users as relationships, that way someone using my app can fetch all messages where they are the sender or recipient.
My concern is that those messages might be able to be read by others. I'm not sure if/how the database itself could be accessed from outside of my app, but if it could them someone would be able to see and read all those messages.
Under Security Roles for a Message, it's set to:
World: Read
Authenticated: Read, Create
Creator: Read, Create, Write
Meaning someone who is authenticated and created an object (a Message) can edit or delete it, a person authenticated can create new messages, and anyone can read messages.
I'm wondering if this "World" access is what opens me up to vulnerabilities, and perhaps setting only Authenticated and Creator as Read privilege would stop people from being able to access my data.