Native Android Firebase AppCheck App attestation failed

Question

I am running the following code from android to get the AppCheck Token. However, I am getting an error with in.

FirebaseAppCheck.getInstance()
                .getAppCheckToken(true)
                .addOnSuccessListener(new OnSuccessListener<AppCheckToken>() {
                    @Override
                    public void onSuccess(@NonNull AppCheckToken tokenResponse) {
                        String appCheckToken = tokenResponse.getToken();
                        new FirebaseAPIFunction(appCheckToken).execute();
                    }
                }).addOnFailureListener(new OnFailureListener() {
            @Override
            public void onFailure(@NonNull Exception e) {
                e.printStackTrace();
            }
        });

This is the error I am receiving.

W/System.err: com.google.firebase.FirebaseException: Error returned from API. code: 403 body: App attestation failed.
W/System.err:     at com.google.firebase.appcheck.internal.NetworkClient.exchangeAttestationForAppCheckToken(NetworkClient.java:177)
W/System.err:     at com.google.firebase.appcheck.safetynet.internal.SafetyNetAppCheckProvider.lambda$exchangeSafetyNetAttestationResponseForToken$1$SafetyNetAppCheckProvider(SafetyNetAppCheckProvider.java:186)
W/System.err:     at com.google.firebase.appcheck.safetynet.internal.-$$Lambda$SafetyNetAppCheckProvider$B6GhOWtZfyrWKLfSayghedQVnKQ.call(Unknown Source:4)
W/System.err:     at com.google.android.gms.tasks.zzv.run(Unknown Source:2)
W/System.err:     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
W/System.err:     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
W/System.err:     at java.lang.Thread.run(Thread.java:920)

When setting up the App Attestation for Android, I used the SHA 256 key within my Google Play Store Console under this information.

What is the best way to fix this from the client?

Answer 1

To get FCM access token you may try below code

        FirebaseMessaging.getInstance().getToken()
            .addOnCompleteListener(task -> {
                if (!task.isSuccessful())
                {
                    SOUT("Fetching FCM registration token failed");
                    return;
                }
                SOUT("FCM:>"+task.getResult());
                sharedPref.edit().putString(Constants.shk_FCM_KEY,""+task.getResult()).commit();
            });

You will get token using this task.getResult() ;

Answer 2

I have found a solution. If you are using the debug provider, it is probably because your debug token has expired. A new one has been generated in the Android Studio console. Add it to your Firebase application so that the tests you make continue to work or you can change the expiration date of each token (This will apply both for debug and production).

Note: It is not recommended to use an expiration greater than one hour when your application is already in production.

Luck!