search

invertase / react-native-firebase

🔥 A well-tested feature-rich modular Firebase implementation for React Native. Supports both iOS & Android platforms for all Firebase services.
https://rnfirebase.io
Other
11.69k stars 2.21k forks source link

Android / AppCheck - SafetyNet deprecation, Play Integrity support #6434

Closed birdofpreyru closed 1 year ago

birdofpreyru commented 2 years ago

Issue

As per Firebase App Check docs the SafetyNet provider has been deprecated, and superseded by Play Integrity. Though, RN Firebase App Check docs still read the following, and I have not found any existing issue regarding this:

This App Check module has built-in support for using the following services as attestation providers:

  • DeviceCheck on iOS
  • SafetyNet on Android

Not sure, does it require any changes in RN Firebase to support Play Integrity? Is only a matter of updating the RN Firebase documentation? Also what's up with iOS AppAttest provider?

Project Files

Javascript

Click To Expand

#### `package.json`: ```json # N/A ``` #### `firebase.json` for react-native-firebase v6: ```json # N/A ```

iOS

Click To Expand

#### `ios/Podfile`: - [ ] I'm not using Pods - [x] I'm using Pods and my Podfile looks like: ```ruby # N/A ``` #### `AppDelegate.m`: ```objc // N/A ```

Android

Click To Expand

#### Have you converted to AndroidX? - [ ] my application is an AndroidX application? - [ ] I am using `android/gradle.settings` `jetifier=true` for Android compatibility? - [ ] I am using the NPM package `jetifier` for react-native compatibility? #### `android/build.gradle`: ```groovy // N/A ``` #### `android/app/build.gradle`: ```groovy // N/A ``` #### `android/settings.gradle`: ```groovy // N/A ``` #### `MainApplication.java`: ```java // N/A ``` #### `AndroidManifest.xml`: ```xml ```

Environment

Click To Expand

**`react-native info` output:** ``` OUTPUT GOES HERE ``` - **Platform that you're experiencing the issue on**: - [ ] iOS - [ ] Android - [ ] **iOS** but have not tested behavior on Android - [ ] **Android** but have not tested behavior on iOS - [ ] Both - **`react-native-firebase` version you're using that has this issue:** - `e.g. 5.4.3` - **`Firebase` module(s) you're using that has the issue:** - `e.g. Instance ID` - **Are you using `TypeScript`?** - `Y/N` & `VERSION`

dehypnosis commented 1 year ago

Folks, does play integrity even work in your physical device? Mine always got the too many requests exception. As the notification of deprecation email warns me repeatedly, I need to fix this issue. But I have still no clue at all yet.

birdofpreyru commented 1 year ago

@dehypnosis It seems to work fine in my apps. If you experience it during development & testing, perhaps you have not setup App Check for debugging correctly (i.e. debug token)? I imagine, perhaps after some number of failed checks it just starts to aggressively rate limit requests from the same device.

dehypnosis commented 1 year ago

@birdofpreyru Thank you for sharing. I was able to use debug mode without trouble, but there were troubles in release bundles.

I want to share my case too for someone. My app was using Google Play App Signing feature which make the app bundle signature on store different from the upload key signature. So, for someone like me, just add GooglePlay App Signing signature to Firebase console app settings. And using internal testing