I found a simple vulnerability of GoManila, the app from Manila’s Office of the Mayor.
The app is using Firebase for the backend and the developer forgot to set the privacy settings thus anyone can visit the link and view its data on https://gomanila.firebaseio.com/.json
I reported it to the Office of the Mayor and settings was updated already.