To make sure when releasing to the app store or play store, the app check works properly, then we need to check to get the token successfully when the app build is in release mode.
If you use flutter firebase_app_check library, please note the following issues
Flutter firebase_app_check, using the default providers: Play Integrity on Android, Device Check on Apple platforms.
However, in the old version firebase_app_check 0.0.9+1, on Android using Safety Net provider. Safety Net provider is deprecated and will be removed in a future release. Play Integrity is the recommended provider.
Implement code:
// init
await Firebase.initializeApp();
await FirebaseAppCheck.instance.activate(
androidProvider: kDebugMode ? AndroidProvider.debug : AndroidProvider.playIntegrity,
);
// get appCheckToken
String? appCheckToken;
try {
appCheckToken = await FirebaseAppCheck.instance.getToken();
} catch (e) {}
debugPrint("appCheckToken: $appCheckToken");
Using App Check with DeviceCheck on iOS
Note that flutter ios uses Device Check not App Attest
Using App Check with Play Integrity on Android
Note that flutter android uses Play Integrity not Safety Net
AppCheck Play Integrity can only get tokens successfully if installed through play store. If you install it directly from the apk or through the app center..., you cannot get the token. As for Safety Net, you can get the token successfully even if you install it directly from the apk.
In play.google.com/console, after linking with firebase project in App integrity, you need to create an Internal testing to be able to install app from play store and can get token successfully.