Question about handling App Check token generation failures with Play Integrity #9034
Closed
perarnaudalain
started this conversation in
General
Replies: 0 comments
Hi,
I'm currently integrating Firebase App Check with the Play Integrity provider.
For now, I've only implemented token generation on the client side and I'm not yet enforcing App Check verification on my backend. My goal is to observe how token generation behaves in production before enabling enforcement.
During May 2026, approximately 100,000 Android users used my application. Around 8,000 users experienced failures while calling getToken().
Here are some of the exceptions I've collected:
{"message":"android.os.RemoteException: IntegrityService : Binder has died.","code":"token-error"}
{"message":"com.google.firebase.FirebaseException: Error returned from API. code: 403 body: App attestation failed.","code":"token-error"}
{"message":"com.google.android.play.core.integrity.IntegrityServiceException: -2: Integrity API error (-2): The Play Store app is either not installed or not the official version.","code":"token-error"}
{"message":"java.net.UnknownHostException: Unable to resolve host "firebaseappcheck.googleapis.com": No address associated with hostname","code":"token-error"}
{"message":"com.google.android.play.core.integrity.IntegrityServiceException: -1: Integrity API error (-1): Integrity API is not available.","code":"token-error"}
{"message":"com.google.android.play.core.integrity.IntegrityServiceException: -12: Integrity API error (-12): Unknown internal Google server error.","code":"token-error"}
{"message":"com.google.android.play.core.integrity.IntegrityServiceException: -8: Integrity API error (-8): The calling app is making too many requests to the API and hence is throttled.","code":"token-error"}
{"message":"com.google.android.play.core.integrity.IntegrityServiceException: -3: Integrity API error (-3): Network error: unable to obtain integrity details.","code":"token-error"}
{"message":"com.google.android.play.core.integrity.IntegrityServiceException: -9: Integrity API error (-9): Binding to the service in the Play Store has failed.","code":"token-error"}
Some of these errors make sense to me (for example, app attestation failures or devices that do not meet Play Integrity requirements).
However, I'm less sure about how the other errors should be handled from an application perspective.
According to the Play Integrity documentation:
https://developer.android.com/google/play/integrity/error-codes
Should developers be implementing the recommended handling themselves (for example exponential backoff retries, prompting users to update the Play Store, asking them to install the official Play Store, etc.)?
My concern is that handling each error code individually could quickly become quite complex and result in a significant amount of application-specific logic. I'm wondering whether this is the expected approach when using Firebase App Check with Play Integrity, or if there are recommended patterns to simplify these scenarios.
Or are some of these recovery mechanisms expected to be handled automatically by Firebase App Check / react-native-firebase?
I'd appreciate any guidance or best practices from teams already running App Check with Play Integrity in production.
Thanks!
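One way to keep the per-error handling the post asks about small is to collapse the collected messages into a few buckets and attach one policy to each. The sketch below is an added example, not code from the post or from react-native-firebase; the function names, the bucket names and the grouping of codes into buckets are assumptions of this example, read off the message texts quoted above.

```javascript
// Grouping of codes into buckets is this example's assumption, read off the
// message texts quoted in the post; it is not an official mapping.
const INTEGRITY_BUCKETS = {
  '-1': 'play-store', // Integrity API is not available
  '-2': 'play-store', // Play Store missing or not the official version
  '-9': 'play-store', // binding to the Play Store service failed
  '-3': 'transient',  // network error
  '-8': 'transient',  // throttled
  '-12': 'transient', // internal Google server error
};

// Map one getToken() failure message to { source, code, bucket }.
function classifyTokenError(message) {
  const integrity = /IntegrityServiceException: (-\d+):/.exec(message);
  if (integrity) {
    const bucket = INTEGRITY_BUCKETS[integrity[1]] || 'unknown';
    return { source: 'play-integrity', code: Number(integrity[1]), bucket };
  }
  const http = /Error returned from API\. code: (\d+)/.exec(message);
  if (http) {
    const status = Number(http[1]);
    const bucket = status === 403 ? 'attestation-rejected'
      : (status === 429 || status >= 500) ? 'transient' : 'unknown';
    return { source: 'app-check-api', code: status, bucket };
  }
  // DNS failure and binder death: treated as retryable (assumption).
  if (/UnknownHostException|RemoteException/.test(message)) {
    return { source: 'device', code: null, bucket: 'transient' };
  }
  return { source: 'unknown', code: null, bucket: 'unknown' };
}
// Count failures per bucket, e.g. to decide when enforcement is safe to enable.
function summarize(messages) {
  return messages.reduce((counts, m) => {
    const { bucket } = classifyTokenError(m);
    counts[bucket] = (counts[bucket] || 0) + 1;
    return counts;
  }, {});
}
// Full-jitter exponential backoff delay, meant for the 'transient' bucket only.
function backoffDelayMs(attempt, baseMs = 1000, capMs = 60000, rand = Math.random) {
  return Math.floor(rand() * Math.min(capMs, baseMs * 2 ** attempt));
}
// Messages copied from the post above.
const SAMPLE = [
  'com.google.firebase.FirebaseException: Error returned from API. code: 403 body: App attestation failed.',
  'com.google.android.play.core.integrity.IntegrityServiceException: -2: Integrity API error (-2): The Play Store app is either not installed or not the official version.',
  'com.google.android.play.core.integrity.IntegrityServiceException: -8: Integrity API error (-8): The calling app is making too many requests to the API and hence is throttled.',
];
```

With this split, only the `transient` bucket is retried, `play-store` becomes a single user prompt, and `attestation-rejected` is counted rather than retried.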