App attestation failed with Firebase App check in release on Android

About

Asked 27/4 at 12:39 Answered 13/9 at 10:10

Solved android firebase security google-cloud-platform firebase-app-check

Integrating Firebase into my Android app and have configured it with the SHA-256 certificate fingerprint from my Google key. However, the setup isn't working, and all requests to Firebase are blocked.

Error output:

Error getting App Check token; using placeholder token instead. Error: n8.j: Error returned from API. code: 403 body: App attestation failed.

I've followed the docs:

Enabled APIs
Add the code in my app

Code :

    Firebase.initialize(context = this)
    if (BuildConfig.DEBUG) {
        Firebase.appCheck.installAppCheckProviderFactory(
            DebugAppCheckProviderFactory.getInstance(),
        )
    } else {
        Firebase.appCheck.installAppCheckProviderFactory(
            PlayIntegrityAppCheckProviderFactory.getInstance(),
        )
    }

Added the SHA256 of the signature key provided in the Play console -> key management section

It works on debug but not on release.

Is there a specific setting that I might be missing, or could this be an issue with the fingerprint itself?

Cytochemistry answered 27/4 at 12:39 Comment(12)

Have you generated and downloaded google-services.json file from Google Cloud Project > API & Services > Credentials > API Keys and used same file in your project ? – Cytochemistry 3/5 at 11:41

I can't download google-services.json from API keys, but there is an API key "Android key (auto created by Firebase)" and the value of this key is the same as the "current_key" inside my google-services.json – Cytochemistry 3/5 at 15:2

can you match the package name of app.gradle and and firebase json – Cytochemistry 3/5 at 17:17

Yes the package name is the same :/ – Cytochemistry 3/5 at 18:1

You need to generate new build from Google certificate and install that build and check in device for firebase is working or not. – Cytochemistry 3/5 at 19:31

I don't understand: - "new build from Google certificate" ? - " check in device for firebase" ? – Cytochemistry 4/5 at 7:52

check this link for more information developer.android.com/studio/publish/app-signing#enroll – Cytochemistry 4/5 at 10:26

My app is already signed with Google App signing – Cytochemistry 4/5 at 10:40

Did you download the app from the Google Play Store on a real device? – Flare 26/6 at 15:58

Yes the app is dowloaded on a real device, from Google Play but from the internal testing channel. Could it be the issue? – Cytochemistry 29/6 at 16:47

yes, that's the problem – Beaubeauchamp 9/8 at 10:29

So I need to push it in production in order to test it? That's weird, no? – Cytochemistry 10/8 at 11:14

I finally created a new app (with a new package name) on the Google Play console and everything works now 🥸.

I don't know if with my multiple attempts, I've been "blacklisted" by Appcheck but anyway, if someone faces the same issue, just create a new app.

Cytochemistry answered 13/9 at 10:10 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags