Flutter - firebase_app_check not working in release mode, how fix it?

Asked 23/9, 2022 at 19:22 Answered 17/5, 2023 at 9:37

Solved android flutter firebase google-cloud-firestore firebase-app-check

I using firebase_app_check in my flutter app. And I use AppCheck in Firebase. it turned out to be not easy to set up, there are a lot of "white spots" in the documentation. so in order:

I enabled AppCheck on Firebase(for starage and Firestore).
I selected "Play Integrity"(so the documentation recommends) as attestation providers.
I added plugin firebase_app_check to my app. But it not worked. the app(in debug mode) cannot retrieve data from the firestore.
Then I added "SafetyNet" as attestation provider. After this app worked(debug mode).
I publised my appbundle to Google Play. When I downloaded app from Google Play it not worked(cannot retrieve data from the firestore). I using obfuscation for my appbundle.

Why my app not worked with AppChecker in release mode? Why "Play Integrity" not worked? do I have to add code at the platform level? according to this document? like this:

 val firebaseAppCheck = FirebaseAppCheck.getInstance()
   firebaseAppCheck.installAppCheckProviderFactory(
   SafetyNetAppCheckProviderFactory.getInstance()
 )

or is one plugin enough?

How I can fix it?

Whitefish answered 23/9, 2022 at 19:22 Comment(7)

Did you add the SHA-256 fingerprint of your app's signing certificate? – Stomodaeum 26/9, 2022 at 14:58

Can you tell more about this? – Whitefish 26/9, 2022 at 19:16

Take a look at this and especially step 2: firebase.google.com/docs/app-check/android/safetynet-provider. – Stomodaeum 27/9, 2022 at 8:12

Yes - I used it – Whitefish 28/9, 2022 at 18:26

In case of release have you enabled proguard ? if not look into this thread github.com/yongjhih/android-proguards/blob/master/… – Aloha 30/9, 2022 at 1:55

Have a look at this github link(github.com/firebase/flutterfire/issues/9178 – Serval 30/9, 2022 at 6:53

Same problem here, I followed the documentation below, but I cant get it to work. Also, I don't understand why we need AppCheck since we already have a google-service.json containing the SHA certificate fingerprint to identify the app to firebase. firebase.google.com/docs/app-check/flutter/… – Ping 1/12, 2022 at 13:49

So I finally figured this one out, documentation is very scattered, so here is a summary:

WARNING: if you want to debug against your firebase backend with AppCheck enabled you have to get a debug token and add it in Firebase every hour or so. Only a physical iOS device can be debugged without this token. For iOS emulator you must first run your app via Xcode and get the token there. This is quite a drawback in AppCheck imo.

Android Debugging (Device and Simulator):

You have to use androidProvider: AndroidProvider.debug as described here
Then run your app, it wont work, BUT look inside the console for the following line: Enter this debug secret into the allow list in the Firebase Console for your project: 49367303-30f3-4913-a596-... if you don't see this line: hit Hot Restart.
Copy this code and open Firebase Console > App Check > Apps > click the 3 dots behind your Android app > Manage debug tokens, add your token here:

Android Production:

For production you first have to follow the steps in 1. Set up your Firebase project. NOTE Especially step 3 is very vague: Register your apps to use App Check with the Play Integrity provider in the App Check section of the Firebase console. You will need to provide the SHA-256 fingerprint of your app's signing certificate. What they mean is:

In google Play Console under: Release > Setup > App Integrity > App Signing > copy the SHA-256 certificate fingerprint.
Add this fingerprint in Firebase console > App Check > Apps > click your Android app > Play integrity
Now create a new build and upload it to Play Store.

iOS I got this to work on iOS by following these docs:

1. Set up your Firebase project, follow all the links in that documentation, (which takes you to apple.com and back)
for debugging on iOS emulator follow this documentation
If you encounter build errors in Xcode (like I did), see my answer here

Ping answered 2/12, 2022 at 10:52 Comment(4)

What would the world do without you?! Awesome answer! – Petrifaction 3/1, 2023 at 12:28

I don't know, probably not App Check :-) – Ping 4/1, 2023 at 21:5

it still doesn't work, throw [firebase_app_check/unknown] p0.l: Error returned from API. code: 403 body: App attestation failed error when running FirebaseAppCheck.instance.getToken(true) – Bottleneck 30/1 at 20:59

I also customize FirebaseAppCheck options:

await FirebaseAppCheck.instance.activate(     //androidProvider: AndroidProvider.debug,     androidProvider: AndroidProvider.playIntegrity,   );

– Honna 13/4 at 8:22

For me, the app check failed on a Flutter app even after I completed all the above steps mentioned by @Niels. After going through the documentation for Android Play Integrity in Default providers, I found out that there are additional steps to complete not listed in Flutter's section of the documentation. I was missing point 1.2 in the above link.

I had to go to Play Console App > Release > App Integrity > Integrity API and then link my Firebase/Google Cloud project. After this, all subsequent builds uploaded to the Play Store started working.

Gusto answered 17/5, 2023 at 9:37 Comment(0)

Recommended topics

Hot tags