androidfirebase-realtime-databasefirebase-app-check

Firebase App Check (RTDB) failure mode for unverified requests


I have an app deployed through Play that initially did not have Firebase App Check configured. I now integrated App Check into the App without enabling "Enforce" and observed over time after publishing that verified requests increase, but not reaching 100%.

When "Enforce" is enabled and some installs have yet to upgrade, what then is the failure mode for various RTDB calls such as:

I'd rather not enable "Enforce" just to find out the results as that will potentially cause crashes in unverified installations/requests.


Solution

  • Calls 1 and 2 will definitely succeed, as they're pure client-side operation and App Check is only enforced on the server.

    Call 3 will fail (for clients without a valid App Check token) with an permission denied error, same as when your security rules would reject the operation.