I set up App Check for iOS and Android on Flutter. iOS devices are working fine and able to access my RT Database and Cloud Functions. However, Android devices are blocked. I used the SHA-256 certificate fingerprint generated on Google Play Console. Also, Firebase says my Android app is registered. So, everything looks ok, but it’s not.
I don’t know what to check at this point because there is no error on my side. The only thing I can see is unverified: invalid requests from App Check request metrics.
This is my Flutter code to activate App Check:
void main() async {
await Firebase.initializeApp(
options: DefaultFirebaseOptions.currentPlatform,
);
await FirebaseAppCheck.instance.activate();
runApp(MyApp());
}
This is a log info from Cloud Functions:
Callable request verification passed {"verifications"{"auth":"MISSING","app":"MISSING"}}
3
Answers
So just leaving a comment in case this helps.
I had the same issue but made this work after using the SHA-256 under "App Signing key certificate" (It wasn’t working until I used Upload key certificate). Hope this helps in any way.
I have solved my problem and I have recently received my first "App Check Verified Request" successfully at my Firebase Cloud Firestore App Check request metrics.
I only added "Play Integrity" until now, because the Firebase documentation (https://firebase.google.com/docs/app-check/android/safetynet-provider) uses the following statement: "Note: The SafetyNet Attestation API is deprecated and has been replaced by the Play Integrity API. Consider enabling App Check with Play Integrity instead. See the deprecation timeline for more information."
To solve the problem, it will be enough to apply the following:
Firebase Console -> Project Settings -> App Check -> Apps -> Add SafetyNet as additional Attestation providers.
I have now Play Integrity and SafetyNet both together. Now App Check Requests are working also for "Real device", "Release build" and "Closed Testing" scenario.
I suggest using "Consider enabling App Check with both Play Integrity and SafetyNet." instead of "Consider enabling App Check with Play Integrity instead." on Firebase Documentation.
Thanks for adding such a great service that improves security in any case.
This might be too obvious for most, but you need to enable play integrity in the Google Play console.
To do this, you have to select your app in the play console and then go to the Integrity API tab under Release -> Setup -> App integrity. Here you have to link your project to a Google Cloud project to use play integrity.
That was the only thing I was missing. I hope it might help someone.