Do I have to change DB permissions?

I recently received an email regarding the permissions I gave to my collections. They are open to everyone because I made API that read and write to them from a mobile app.

I want to know, do the permissions have to be changed or is it just a recommendation?

(BTW, is there a way to reach the data as an admin / collaborators without signing in? such wix api? then I can change the permissions and still let access to anyone who came through my app, I validate it with password I send and check)

It depends on the collection contents. If it’s sensitive/private info you should restrict it.
Anyway, if you wish to bypass the permission (which is only possible from backend functions including http-functions) all you need to do id to add {suppressAuth: true} options:

query.find({suppressAuth: true})
wixData.get('Collection', id, {suppressAuth: true})
wixData.update('Collection', item, {suppressAuth: true})


tnx a lot!