Tags: firebase, google-play, firebase-app-check, google-play-integrity-api

How to make Play Integrity work with a debug key?


We have set up Firebase App Check using Play Integrity in our Android app. It works perfectly in release builds, but I keep getting permission denied in debug builds. Here is why:

The company has a private signing key. The owner uses this key to generate release builds which are uploaded to the Google developer console. The company's developers don't have access to this key. They use another signing key in the development environment. We have added all three keys' SHA fingerprints to the Firebase project. Therefore the Google login and other services work fine both in debug and release builds. Now we noticed that Play Integrity only works with the release key (because Google Play only knows about upload and app signing keys). This means if we enforce App Check, then the debug builds will stop working. How could we escalate this issue?


Solution

  • We should use App Check with the debug provider as described:

    If, after you have registered your app for App Check, you want to run your app in an environment that App Check would normally not classify as valid, such as an emulator during development, or from a continuous integration (CI) environment, you can create a debug build of your app that uses the App Check debug provider instead of a real attestation provider.

    https://firebase.google.com/docs/app-check/android/debug-provider#:~:text=do%20the%20following%3A-,In%20the%20App%20Check%20section%20of%20the%20Firebase%20console%2C%20choose,that%20you%20keep%20it%20private.
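One way to wire this up so that only debug builds use the debug provider while release builds keep Play Integrity. This is an added example, not code from the original post or from the Firebase documentation; the package name `com.example.app` and the class `MyApplication` are hypothetical, and it assumes the `firebase-appcheck-debug` and `firebase-appcheck-playintegrity` artifacts are both on the classpath and that `BuildConfig` generation is enabled.

```kotlin
package com.example.app // hypothetical package name

import android.app.Application
import com.google.firebase.FirebaseApp
import com.google.firebase.appcheck.AppCheckProviderFactory
import com.google.firebase.appcheck.FirebaseAppCheck
import com.google.firebase.appcheck.debug.DebugAppCheckProviderFactory
import com.google.firebase.appcheck.playintegrity.PlayIntegrityAppCheckProviderFactory

// Hypothetical Application subclass; register it with android:name in AndroidManifest.xml.
class MyApplication : Application() {

    override fun onCreate() {
        super.onCreate()
        FirebaseApp.initializeApp(this)

        // Builds signed with the developers' key cannot pass Play Integrity,
        // because Google Play only knows the upload and app signing keys.
        // Debug builds therefore use the debug provider; release builds keep
        // the real attestation provider.
        val factory: AppCheckProviderFactory = if (BuildConfig.DEBUG) {
            DebugAppCheckProviderFactory.getInstance()
        } else {
            PlayIntegrityAppCheckProviderFactory.getInstance()
        }

        // Install the provider before any other Firebase service is used so
        // that every backend request carries an App Check token.
        FirebaseAppCheck.getInstance().installAppCheckProviderFactory(factory)

        // Note: this single-file form compiles the debug provider into release
        // binaries as well. To keep it out, move the debug branch into the
        // src/debug source set and declare the artifact as debugImplementation.
    }
}
```

On its first run a debug build logs a debug token to logcat; register that token in the App Check section of the Firebase console and keep it private, since anyone holding it can obtain valid App Check tokens for the project.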