Search code examples
flutterfirebasefirebase-app-check

How to check the reason why App Check does not verify the integrity of an app in release mode?

I have a flutter app that is released in the Android App Store... Overall, App Check works smoothly, but sometimes it does not verify the integrity of the app... I want to know why... How is it possible to display the IntegrityErrorCode programmatically from release build from a real device?

I see Integrity Error Codes in this link but how can I access those programmatically from flutter, from the device to display it to the user?

what I have done is:

Future<void> main() async{
    WidgetsFlutterBinding.ensureInitialized();    
    await Firebase.initializeApp(options: DefaultFirebaseOptions.currentPlatform,);
    await FirebaseAppCheck.instance.activate(androidProvider: AndroidProvider.playIntegrity);
    runApp(...);
  }

My app is published (not debug mode) in Android App Store... I linked my app to Firebase Firestore... For the signing key, I use the one from Google Play Console > Release > Setup > App Signing > App signing key certificate > SHA-256

and I copy that SHA-256 to Firebase > App Check > Apps > Android > Play Integrity >SHA-256 certificate fingerprint...

Overall, AppCheck works well 95% of the time.

Alternatively, is there a link/log I can access in Firebase or Google Cloud to see reason of AppCheck denial?

Solution

  • I found a partial solution...

    Surprisingly, we need to use the very general FirebaseException with try and Catch :

    Future<void> main() async{
WidgetsFlutterBinding.ensureInitialized();    
try {
  await Firebase.initializeApp(options: DefaultFirebaseOptions.currentPlatform,);
  await FirebaseAppCheck.instance.activate(androidProvider: AndroidProvider.playIntegrity, appleProvider: AppleProvider.appAttestWithDeviceCheckFallback);
  await FirebaseAppCheck.instance.getToken(false);  
}
on FirebaseException catch (e) {
  print("FirebaseException:" + e.toString());
}

runApp(....)

    See API details here: https://pub.dev/documentation/firebase_app_check/latest/firebase_app_check/FirebaseException-class.html

    and See all possible errors here: https://developer.android.com/google/play/integrity/reference/com/google/android/play/core/integrity/model/IntegrityErrorCode#CANNOT_BIND_TO_SERVICE

    This works well when starting the app... but does not work when the app is sent to background for long time, then reopened... App Check request fails but we don't see the error