I'm working on a capacitor app that uses capacitor-firebase-auth for phone auth using firebase. The app now has thousands of users and for the vast majority everything works fine. However, a few users per day are not able to login with phone number, and most of them are using a custom ROM like lineageos.
In order to debug the problem, I installed lineageos on one of my devices. Logcat of login with phone number looks like this:
05-26 13:23:51.630 97 97 W kswapd0 : type=1400 audit(0.0:109): avc: denied { write } for uid=0 path=2F6465762F6173686D656D2F7368617265645F6D656D6F72792F3836463635373034443144323445354233464446373530344133423843433132202864656C6574656429 dev="tmpfs" ino=242810 scontext=u:r:kernel:s0 tcontext=u:object_r:untrusted_app_tmpfs:s0:c512,c768 tclass=file permissive=0
05-26 13:23:51.649 14520 14560 I ContactDirectoryManager: deleted 0 stale rows which don't have any relevant directory
05-26 13:23:51.673 14520 14560 I ContactDirectoryManager: Discovered 0 contact directories in 406ms
05-26 13:23:52.163 6307 6529 V Capacitor/Plugin: To native (Cordova plugin): callbackId: Sentry1113268017, service: Sentry, action: setExtraContext, actionArgs: [{}]
05-26 13:23:52.167 6307 6529 V Capacitor/Plugin: To native (Cordova plugin): callbackId: Sentry1113268018, service: Sentry, action: setTagsContext, actionArgs: [{}]
05-26 13:23:52.171 6307 6529 V Capacitor/Plugin: To native (Cordova plugin): callbackId: Sentry1113268019, service: Sentry, action: setUserContext, actionArgs: [{}]
05-26 13:23:52.174 6307 6529 V Capacitor/Plugin: To native (Cordova plugin): callbackId: Sentry1113268020, service: Sentry, action: addBreadcrumb, actionArgs: [{"timestamp":1.622028232145E9,"category":"ui.click","message":"text-button.singleTB > button.ion-activatable[type=\"button\"]"}]
05-26 13:23:52.347 2597 2597 D wpa_supplicant: wlan0: Control interface command 'SIGNAL_POLL'
05-26 13:23:52.370 1228 2408 I WifiHAL : event received NL80211_CMD_VENDOR, vendor_id = 0x1374, subcmd = 0x11
05-26 13:23:52.375 1228 2408 I WifiHAL : event received NL80211_CMD_VENDOR, vendor_id = 0x1374, subcmd = 0x12
05-26 13:23:52.385 1228 2408 I WifiHAL : event received NL80211_CMD_VENDOR, vendor_id = 0x1374, subcmd = 0x13
05-26 13:23:52.395 2597 2597 D wpa_supplicant: CTRL-DEBUG: global_ctrl_sock-sendto: sock=12 sndbuf=163840 outq=0 send_len=48
05-26 13:23:52.395 2597 2597 D wpa_supplicant: nl80211: Drv Event 103 (NL80211_CMD_VENDOR) received for wlan0
05-26 13:23:52.396 2597 2597 D wpa_supplicant: nl80211: Vendor event: wiphy=0 vendor_id=0x1374 subcmd=17
05-26 13:23:52.396 2597 2597 D wpa_supplicant: nl80211: Ignore unsupported QCA vendor event 17
05-26 13:23:52.396 2597 2597 D wpa_supplicant: nl80211: Drv Event 103 (NL80211_CMD_VENDOR) received for wlan0
05-26 13:23:52.396 2597 2597 D wpa_supplicant: nl80211: Vendor event: wiphy=0 vendor_id=0x1374 subcmd=18
05-26 13:23:52.396 2597 2597 D wpa_supplicant: nl80211: Ignore unsupported QCA vendor event 18
05-26 13:23:52.396 2597 2597 D wpa_supplicant: nl80211: Drv Event 103 (NL80211_CMD_VENDOR) received for wlan0
05-26 13:23:52.396 2597 2597 D wpa_supplicant: nl80211: Vendor event: wiphy=0 vendor_id=0x1374 subcmd=19
05-26 13:23:52.396 2597 2597 D wpa_supplicant: nl80211: Ignore unsupported QCA vendor event 19
05-26 13:23:55.227 5559 5559 W Binder_3: type=1400 audit(0.0:110): avc: denied { read } for uid=10021 name="/" dev="tmpfs" ino=7476 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:object_r:device:s0 tclass=dir permissive=0
05-26 13:23:55.402 2597 2597 D wpa_supplicant: wlan0: Control interface command 'SIGNAL_POLL'
05-26 13:23:55.424 1228 2408 I WifiHAL : event received NL80211_CMD_VENDOR, vendor_id = 0x1374, subcmd = 0x11
05-26 13:23:55.429 1228 2408 I WifiHAL : event received NL80211_CMD_VENDOR, vendor_id = 0x1374, subcmd = 0x12
05-26 13:23:55.439 1228 2408 I WifiHAL : event received NL80211_CMD_VENDOR, vendor_id = 0x1374, subcmd = 0x13
05-26 13:23:55.452 2597 2597 D wpa_supplicant: CTRL-DEBUG: global_ctrl_sock-sendto: sock=12 sndbuf=163840 outq=0 send_len=48
05-26 13:23:55.452 2597 2597 D wpa_supplicant: nl80211: Drv Event 103 (NL80211_CMD_VENDOR) received for wlan0
05-26 13:23:55.452 2597 2597 D wpa_supplicant: nl80211: Vendor event: wiphy=0 vendor_id=0x1374 subcmd=17
05-26 13:23:55.452 2597 2597 D wpa_supplicant: nl80211: Ignore unsupported QCA vendor event 17
05-26 13:23:55.452 2597 2597 D wpa_supplicant: nl80211: Drv Event 103 (NL80211_CMD_VENDOR) received for wlan0
05-26 13:23:55.452 2597 2597 D wpa_supplicant: nl80211: Vendor event: wiphy=0 vendor_id=0x1374 subcmd=18
05-26 13:23:55.453 2597 2597 D wpa_supplicant: nl80211: Ignore unsupported QCA vendor event 18
05-26 13:23:55.453 2597 2597 D wpa_supplicant: nl80211: Drv Event 103 (NL80211_CMD_VENDOR) received for wlan0
05-26 13:23:55.453 2597 2597 D wpa_supplicant: nl80211: Vendor event: wiphy=0 vendor_id=0x1374 subcmd=19
05-26 13:23:55.453 2597 2597 D wpa_supplicant: nl80211: Ignore unsupported QCA vendor event 19
05-26 13:23:56.833 5559 5559 W Binder_3: type=1400 audit(0.0:111): avc: denied { search } for uid=10021 name="340" dev="proc" ino=242919 scontext=u:r:untrusted_app:s0:c512,c768 tcontext=u:r:zygote:s0 tclass=dir permissive=0
05-26 13:23:57.216 6307 6307 E zzbf : SafetyNet Attestation fails basic integrity.
05-26 13:23:57.251 1228 2266 I ActivityManager: START u0 {act=com.google.firebase.auth.internal.ACTION_SHOW_RECAPTCHA pkg=eu.appiphany.blindmate cmp=eu.appiphany.blindmate/com.google.firebase.auth.internal.RecaptchaActivity (has extras)} from uid 10118 on display 0
05-26 13:23:57.305 6307 6307 D Capacitor: App paused
05-26 13:23:57.362 6307 6529 V Capacitor/Plugin: To native (Cordova plugin): callbackId: Sentry1113268021, service: Sentry, action: setExtraContext, actionArgs: [{}]
05-26 13:23:57.364 6307 6529 V Capacitor/Plugin: To native (Cordova plugin): callbackId: Sentry1113268022, service: Sentry, action: setTagsContext, actionArgs: [{}]
05-26 13:23:57.366 6307 6529 V Capacitor/Plugin: To native (Cordova plugin): callbackId: Sentry1113268023, service: Sentry, action: setUserContext, actionArgs: [{}]
05-26 13:23:57.370 6307 6529 V Capacitor/Plugin: To native (Cordova plugin): callbackId: Sentry1113268024, service: Sentry, action: addBreadcrumb, actionArgs: [{"timestamp":1.622028237358E9,"category":"console","data":{"extra":{"arguments":["platform paused"]},"logger":"console"},"level":"log","message":"platform paused"}]
05-26 13:23:57.421 6307 14612 W System : Ignoring header X-Firebase-Locale because its value was null.
05-26 13:23:57.453 6307 6307 I Capacitor/Console: File: http://localhost/main-es2015.53bc4455e52f26fa9d19.js - Line 1 - Msg: platform paused
05-26 13:23:57.483 97 97 W kswapd0 : type=1400 audit(0.0:112): avc: denied { write } for uid=0 path=2F6465762F6173686D656D2F7368617265645F6D656D6F72792F3836463635373034443144323445354233464446373530344133423843433132202864656C6574656429 dev="tmpfs" ino=242810 scontext=u:r:kernel:s0 tcontext=u:object_r:untrusted_app_tmpfs:s0:c512,c768 tclass=file permissive=0
05-26 13:23:57.497 2681 2681 I GoogleInputMethodServic: GoogleInputMethodService.onFinishInput():3362
05-26 13:23:57.512 2681 2681 I GoogleInputMethodServic: GoogleInputMethodService.onStartInput():1943
05-26 13:23:57.530 1228 1257 I ActivityManager: Displayed eu.appiphany.blindmate/com.google.firebase.auth.internal.RecaptchaActivity: +220ms
05-26 13:23:57.553 6307 6307 D Capacitor: Saving instance state!
05-26 13:23:57.605 1228 4521 I ActivityManager: Process com.android.providers.calendar (pid 13526) has died
05-26 13:23:57.605 1228 4521 D ActivityManager: cleanUpApplicationRecord -- 13526
05-26 13:23:57.668 1228 3487 I ActivityManager: Process com.android.calendar (pid 13511) has died
05-26 13:23:57.669 1228 3487 D ActivityManager: cleanUpApplicationRecord -- 13511
05-26 13:23:57.818 6307 14612 E FirebaseAuth: [GetAuthDomainTask] Error getting project config. Failed with INVALID_CERT_HASH 400
05-26 13:23:57.913 6307 6307 E zzf : Failed to get reCAPTCHA token with error [There was an error while trying to get your package certificate hash.]- calling backend without app verification
05-26 13:23:57.933 6307 6307 D Capacitor/App: Firing change: true
05-26 13:23:57.933 6307 6307 V Capacitor/App: Notifying listeners for event appStateChange
05-26 13:23:57.934 6307 6307 D Capacitor/App: No listeners found for event appStateChange
05-26 13:23:57.948 6307 6307 D Capacitor: App resumed
05-26 13:23:57.951 2681 2681 I GoogleInputMethodServic: GoogleInputMethodService.onFinishInput():3362
05-26 13:23:57.953 2681 2681 I GoogleInputMethodServic: GoogleInputMethodService.onStartInput():1943
05-26 13:23:57.967 6307 6344 I FirebaseAuth: [FirebaseAuth:] Preparing to create service connection to fallback implementation
05-26 13:23:57.993 6307 6307 V Capacitor/Network: Notifying listeners for event networkStatusChange
05-26 13:23:57.994 6307 6307 D Capacitor/Network: No listeners found for event networkStatusChange
05-26 13:23:58.018 6307 6529 V Capacitor/Plugin: To native (Capacitor plugin): callbackId: 125401677, pluginId: PushNotifications, methodName: removeAllDeliveredNotifications
05-26 13:23:58.019 6307 6307 I Capacitor/Console: File: http://localhost/main-es2015.53bc4455e52f26fa9d19.js - Line 1 - Msg: platform resumed
05-26 13:23:58.019 6307 6529 V Capacitor: callback: 125401677, pluginId: PushNotifications, methodName: removeAllDeliveredNotifications, methodData: {}
05-26 13:23:58.039 6307 6529 V Capacitor/Plugin: To native (Cordova plugin): callbackId: Sentry1113268025, service: Sentry, action: setExtraContext, actionArgs: [{}]
05-26 13:23:58.047 6307 6529 V Capacitor/Plugin: To native (Cordova plugin): callbackId: Sentry1113268026, service: Sentry, action: setTagsContext, actionArgs: [{}]
05-26 13:23:58.053 6307 6529 V Capacitor/Plugin: To native (Cordova plugin): callbackId: Sentry1113268027, service: Sentry, action: setUserContext, actionArgs: [{}]
05-26 13:23:58.057 6307 6529 V Capacitor/Plugin: To native (Cordova plugin): callbackId: Sentry1113268028, service: Sentry, action: addBreadcrumb, actionArgs: [{"timestamp":1.622028238004E9,"category":"console","data":{"extra":{"arguments":["platform resumed"]},"logger":"console"},"level":"log","message":"platform resumed"}]
05-26 13:23:58.147 1228 3487 I ActivityManager: Process com.google.android.googlequicksearchbox:search (pid 11076) has died
05-26 13:23:58.148 1228 3487 D ActivityManager: cleanUpApplicationRecord -- 11076
05-26 13:23:58.157 2681 2681 I AppBase : AppBase.onTrimMemory():784 onTrimMemory(): 5
05-26 13:23:58.179 2681 2681 I GoogleInputMethodServic: GoogleInputMethodService.onTrimMemory():4530 onTrimMemory(): 5
05-26 13:23:58.210 1228 2265 I ActivityManager: Process com.cyanogenmod.lockclock (pid 13607) has died
05-26 13:23:58.210 1228 2265 D ActivityManager: cleanUpApplicationRecord -- 13607
05-26 13:23:58.280 6307 6344 E FirebaseAuth: [SmsRetrieverHelper] SMS verification code request failed: unknown status code: 17093 null
05-26 13:23:58.301 3362 3362 D BoundBrokerSvc: onBind: Intent { act=com.google.android.gms.auth.api.phone.service.SmsRetrieverApiService.START pkg=com.google.android.gms }
05-26 13:23:58.302 3362 3362 D BoundBrokerSvc: Loading bound service for intent: Intent { act=com.google.android.gms.auth.api.phone.service.SmsRetrieverApiService.START pkg=com.google.android.gms }
05-26 13:23:58.308 6307 6307 W PhoneProviderHandler: PhoneAuth:onVerificationFailed:com.google.firebase.auth.FirebaseAuthException: This request is missing a valid app identifier, meaning that neither SafetyNet checks nor reCAPTCHA checks succeeded. Please try again, or check the logcat for more details.
05-26 13:23:58.335 6307 6307 E Capacitor/Plugin: PhoneAuth Sign In failure.
05-26 13:23:58.335 6307 6307 E Capacitor/Plugin: com.google.firebase.auth.FirebaseAuthException: This request is missing a valid app identifier, meaning that neither SafetyNet checks nor reCAPTCHA checks succeeded. Please try again, or check the logcat for more details.
05-26 13:23:58.335 6307 6307 E Capacitor/Plugin: at com.google.android.gms.internal.firebase-auth-api.zztt.zza(com.google.firebase:firebase-auth@@20.0.3:26)
05-26 13:23:58.335 6307 6307 E Capacitor/Plugin: at com.google.android.gms.internal.firebase-auth-api.zzux.zza(com.google.firebase:firebase-auth@@20.0.3:1)
05-26 13:23:58.335 6307 6307 E Capacitor/Plugin: at com.google.android.gms.internal.firebase-auth-api.zzuy.run(com.google.firebase:firebase-auth@@20.0.3:3)
05-26 13:23:58.335 6307 6307 E Capacitor/Plugin: at android.os.Handler.handleCallback(Handler.java:739)
05-26 13:23:58.335 6307 6307 E Capacitor/Plugin: at android.os.Handler.dispatchMessage(Handler.java:95)
05-26 13:23:58.335 6307 6307 E Capacitor/Plugin: at android.os.Looper.loop(Looper.java:148)
05-26 13:23:58.335 6307 6307 E Capacitor/Plugin: at android.app.ActivityThread.main(ActivityThread.java:5461)
05-26 13:23:58.335 6307 6307 E Capacitor/Plugin: at java.lang.reflect.Method.invoke(Native Method)
05-26 13:23:58.335 6307 6307 E Capacitor/Plugin: at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:726)
05-26 13:23:58.335 6307 6307 E Capacitor/Plugin: at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:616)
05-26 13:23:58.336 6307 6307 D Capacitor: Sending plugin error: {"save":false,"callbackId":"125401676","pluginId":"CapacitorFirebaseAuth","methodName":"signIn","success":false,"error":{"message":"PhoneAuth Sign In failure."}}
05-26 13:23:58.401 6307 6307 E Capacitor/Console: File: http://localhost/main-es2015.53bc4455e52f26fa9d19.js - Line 1 - Msg: Error at cfaSignIn Error: PhoneAuth Sign In failure.
05-26 13:23:58.401 6307 6307 I Capacitor/Console: File: http://localhost/main-es2015.53bc4455e52f26fa9d19.js - Line 1 - Msg: signIn false
05-26 13:23:58.417 6307 6307 E Capacitor/Console: File: http://localhost/main-es2015.53bc4455e52f26fa9d19.js - Line 1 - Msg: failed to login with phone unable to send code
05-26 13:23:58.459 2597 2597 D wpa_supplicant: wlan0: Control interface command 'SIGNAL_POLL'
with the relevant lines probably being
05-26 13:23:57.216 6307 6307 E zzbf : SafetyNet Attestation fails basic integrity.
05-26 13:23:57.818 6307 14612 E FirebaseAuth: [GetAuthDomainTask] Error getting project config. Failed with INVALID_CERT_HASH 400
05-26 13:23:57.913 6307 6307 E zzf : Failed to get reCAPTCHA token with error [There was an error while trying to get your package certificate hash.]- calling backend without app verification
05-26 13:23:58.308 6307 6307 W PhoneProviderHandler: PhoneAuth:onVerificationFailed:com.google.firebase.auth.FirebaseAuthException: This request is missing a valid app identifier, meaning that neither SafetyNet checks nor reCAPTCHA checks succeeded. Please try again, or check the logcat for more details.
I now followed every suggestion that I could find in order to solve this problem:
implementation 'androidx.browser:browser:1.3.0' to my app/build.gradle dependencies sectionAs I said, phone auth works fine for the vast majority of users, so there seems to be some problem connected to custom ROMs / lineageos. Does anybody know how to fix this?
ok, I found the solution: for some reason, google-services.json did not include my play store signing SHA1 key, despite it being present in firebase admin console. Solution: I removed the SHA1 key and added it again... Afterwards, google-services.json included my release SHA1 and phone auth works even on lineageos.
Apparently SHA256 is required for phone verification using safetynet which works on standard androids, and SHA1 is only required for the recaptcha flow which is required on non-standard androids. This explains why it worked for the vast majority of users.