[READ] Step 1: Are you in the right place?

Yes

[REQUIRED] Step 2: Describe your environment

• Xcode version: 11.2.1
• Firebase SDK version: 6.13.0
• Firebase Component: FirebaseInstanceID
• Component version: 6.13.0

[REQUIRED] Step 3: Describe the problem

Method

NSData *FIRInstanceIDSHA1(NSData *data)

in FIRInstanceIDKeyPairUtilities.m

uses insecure CC_SHA1 hashing algorithm, while Apple officially considers this algorithm insecure. They state in iOS 13 CryptoKit documentation:

"This hash algorithm isn't considered cryptographically secure, but is provided for backward compatibility with older services that require it. For new services, prefer one of the secure hashes, like SHA512."