Skip to content

fix(firebase_app_check): Add play integrity check to app_check activation #9450

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 5 commits into from
Closed

fix(firebase_app_check): Add play integrity check to app_check activation #9450

wants to merge 5 commits into from

Conversation

@the-recondite
Copy link

@the-recondite the-recondite commented Aug 31, 2022

Description

This PR adds the play integrity check to the already present SafetyNet app check when activating firebase app_check. Previously, only the SafetyNetAppCheck was being initialized. This PR was created to fix #9178. We need the play integrity check to make sure the installation of our app is legit.

Related Issues

closes #9178

Checklist

Before you create this PR confirm that it meets all requirements listed below by checking the relevant checkboxes ([x]).
This will ensure a smooth and quick review process. Updating the pubspec.yaml and changelogs is not required.

  • I read the Contributor Guide and followed the process outlined there for submitting PRs.
  • My PR includes unit or integration tests for all changed/updated/fixed behaviors (See Contributor Guide).
  • All existing and new tests are passing.
  • I updated/added relevant documentation (doc comments with ///).
  • The analyzer (melos run analyze) does not report any problems on my PR.
  • I read and followed the Flutter Style Guide.
  • I signed the CLA.
  • I am willing to follow up on review comments in a timely manner.

Breaking Change

Does your PR require plugin users to manually update their apps to accommodate your change?

  • Yes, this is a breaking change.
  • No, this is not a breaking change.

the-recondite and others added 2 commits August 31, 2022 11:14
@the-recondite
Added play integrity check to added safety net check for appcheck act…
5866cfb 
…ivation
@the-recondite
Merge pull request #1 from flooz-link/chore/use-play-integrity-for-ap…
5af6e76 
…pcheck

Added play integrity check to added safety net check for appcheck act…
@the-recondite the-recondite reopened this Aug 31, 2022
@russellwheatley russellwheatley added platform: android Issues / PRs which are specifically for Android. type: missing-feature A feature that is supported on the underlying Firebase SDK but has not been exposed to Dart API. plugin: app_check labels Sep 6, 2022
nohe427
nohe427 reviewed Sep 7, 2022
View reviewed changes
...ndroid/src/main/java/io/flutter/plugins/firebase/appcheck/FlutterFirebaseAppCheckPlugin.java
try {
FirebaseAppCheck firebaseAppCheck = getAppCheck(arguments);
firebaseAppCheck.installAppCheckProviderFactory(
SafetyNetAppCheckProviderFactory.getInstance());
Copy link
Contributor

@nohe427 nohe427 Sep 7, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel like SafetyNet should be behind a flag. SafetyNet is eventually being deprecated and the Play Console is warning folks about SafetyNet being present in their APKs and AABs. I think PlayIntegrityAPI should be the default choice and then optionally have a flag that can switch over to safetyNet, but not have both appcheck providers active at the same time since both provide attestation.

@AngryVelociraptor
Copy link

AngryVelociraptor commented Sep 11, 2022

Adding my support for this issue to be resolved, I was confused today when I learned that flutterfire only supports a deprecated API for android app check.
Don't forget to update this page.

@russellwheatley russellwheatley mentioned this pull request Sep 13, 2022
Merged
10 tasks
@russellwheatley
Copy link
Member

russellwheatley commented Sep 30, 2022

Hey @the-recondite, thanks for the PR. Hope you don't mind, but we favored a different approach: #9646 😄

@firebase firebase locked and limited conversation to collaborators Oct 31, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@nohe427 nohe427 nohe427 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

platform: android Issues / PRs which are specifically for Android. plugin: app_check type: missing-feature A feature that is supported on the underlying Firebase SDK but has not been exposed to Dart API.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[📚] [firebase_app_check] Play Integrity Support

4 participants

@the-recondite @AngryVelociraptor @russellwheatley @nohe427