How to test flutter firebase app check in release app

Posted on January 12th, 2023

To make sure when releasing to the app store or play store, the app check works properly, then we need to check to get the token successfully when the app build is in release mode.

If you use flutter firebase_app_check library, please note the following issues

Flutter firebase_app_check, using the default providers: Play Integrity on Android, Device Check on Apple platforms.

However, in the old version firebase_app_check 0.0.9+1, on Android using Safety Net provider. Safety Net provider is deprecated and will be removed in a future release. Play Integrity is the recommended provider.

Implement code:

// init
await Firebase.initializeApp();
await FirebaseAppCheck.instance.activate(
  androidProvider: kDebugMode ? AndroidProvider.debug : AndroidProvider.playIntegrity,

// get appCheckToken
String? appCheckToken;
try {
  appCheckToken = await FirebaseAppCheck.instance.getToken();
} catch (e) {}
debugPrint("appCheckToken: $appCheckToken");

Using App Check with DeviceCheck on iOS

Note that flutter ios uses Device Check not App Attest

ref: docs/app-check/ios/devicecheck-provider

Using App Check with Play Integrity on Android

Note that flutter android uses Play Integrity not Safety Net

ref: docs/app-check/android/play-integrity-provider

AppCheck Play Integrity can only get tokens successfully if installed through play store. If you install it directly from the apk or through the app center..., you cannot get the token. As for Safety Net, you can get the token successfully even if you install it directly from the apk.

In, after linking with firebase project in App integrity, you need to create an Internal testing to be able to install app from play store and can get token successfully.

Related content

Create an upload keystore

ref: android#create-an-upload-keystore

Reference the keystore from the app

ref: android#reference-the-keystore-from-the-app

Configure signing in gradle

ref: android#configure-signing-in-gradle