I have a flutter app that is released in the Android App Store… Overall, App Check works smoothly, but sometimes it does not verify the integrity of the app… I want to know why… How is it possible to display the IntegrityErrorCode programmatically from release build from a real device?
I see Integrity Error Codes in this link but how can I access those programmatically from flutter, from the device to display it to the user?
what I have done is:
Future<void> main() async{
WidgetsFlutterBinding.ensureInitialized();
await Firebase.initializeApp(options: DefaultFirebaseOptions.currentPlatform,);
await FirebaseAppCheck.instance.activate(androidProvider: AndroidProvider.playIntegrity);
runApp(...);
}
My app is published (not debug mode) in Android App Store… I linked my app to Firebase Firestore… For the signing key, I use the one from Google Play Console > Release > Setup > App Signing > App signing key certificate > SHA-256
and I copy that SHA-256 to Firebase > App Check > Apps > Android > Play Integrity >SHA-256 certificate fingerprint…
Overall, AppCheck works well 95% of the time.
Alternatively, is there a link/log I can access in Firebase or Google Cloud to see reason of AppCheck denial?
2
Answers
I found the solution...
Surprisingly, we need to use the very general
FirebaseExceptionwithtryandCatch:See API details here: https://pub.dev/documentation/firebase_app_check/latest/firebase_app_check/FirebaseException-class.html
and See all possible errors here: https://developer.android.com/google/play/integrity/reference/com/google/android/play/core/integrity/model/IntegrityErrorCode#CANNOT_BIND_TO_SERVICE
To programmatically access and display the IntegrityErrorCode from Firebase App Check in a Flutter app, you can listen for errors using the onError stream provided by FirebaseAppCheck. The IntegrityErrorCode can be accessed from the error object when it occurs. Here’s how to do it:
Listen for Integrity Errors:
In your Flutter app, you can listen for integrity errors by adding an event listener to the FirebaseAppCheck.onTokenError stream. When an error occurs, you can access the IntegrityErrorCode from the error object.
Handle Integrity Errors:
In the event listener, you can check the IntegrityErrorCode and take appropriate actions based on the error code. For example, you can display a message to the user or log the error for debugging purposes.
Error Handling:
The code above handles both the case where App Check is not available (IntegrityErrorCode.appCheckNotAvailable) and the case where App Check verification failed (IntegrityErrorCode.appCheckFailed).
Regarding accessing logs or reasons for App Check denial, Firebase and Google Cloud do not typically provide detailed logs or reasons for App Check denial to the developer through the Firebase or Google Cloud Console. If an App Check request is denied, you would typically handle the denial as shown above, logging the error code and message for debugging purposes in your app.
However, for more in-depth analysis or to access detailed logs, you might need to implement custom logging within your app to record relevant information when App Check errors occur and send them to a server or a logging service for later analysis. This way, you can collect and review logs independently of Firebase or Google Cloud for additional insight into the reasons for denial.