[firebase_app_check]: Error returned from API. code: 403 body: App attestation failed

[bboysidou]

Is there an existing issue for this?

• I have searched the existing issues.

Which plugins are affected?

App Check

Which platforms are affected?

Android

Description

Hi everybody,

I hope you’re doing well.

I’m experiencing an issue with App Check in my Flutter app. Everything was working fine until 02/09/2025, but afterwards I started receiving the following errors:

Error getting App Check token; using placeholder token instead.
Error: com.google.firebase.FirebaseException: No AppCheckProvider installed.
Logging in as <email> with empty reCAPTCHA token

What I’ve checked so far:

All flavors in my Flutter app are configured with the same SHA fingerprints found in firebase.

Installed the firebase_app_check Flutter package.

However, I’m not receiving the debug token when running in debug mode.

When I try to log in, App Check fails with the above errors.

Environment:

Platform: Flutter (Android only)

Date last working: 02/09/2025

Errors started: after 02/09/2025

Firebase services used: Authentication, App Check

Reproducing the issue

I run the app and the first expected should be the token that i need to add to firebase's App check. but nothing
in my main.dart i added
await Firebase.initializeApp();
await FirebaseAppCheck.instance.activate( androidProvider: AndroidProvider.debug, );

after adding this i start receiving
Error getting App Check token; using placeholder token instead. Error: com.google.firebase.FirebaseException: Too many attempts.

Error getting App Check token; using placeholder token instead. Error: com.google.firebase.FirebaseException: Error returned from API. code: 403 body: App attestation failed.

Firebase Core version

4.1.0

Flutter Version

3.35.3

Relevant Log Output

Flutter dependencies

Expand Flutter dependencies snippet

  firebase_analytics: ^12.0.1
  firebase_auth: ^6.0.2
  firebase_core: ^4.1.0
  firebase_crashlytics: ^5.0.1
  firebase_storage: ^13.0.1
  firebase_app_check: ^0.4.0+1
  cloud_firestore: ^6.0.1

Additional context and comments

when i run ./gradlew signingReport

all :app:signingReport had the same SHA1 and SHA-256 that is from the project keystore

but the packages like all firebase stuff :firebase_*:signingReport SHA1 and SHA-256 were created from the global keystore found in ~/.android/debug.keystore

[SelaseKay]

Hi @bboysidou, could you provide a complete minimal reproducible example in the form of repository I can clone to investigate further?

[bboysidou]

@SelaseKay yes for sure here
https://github.com/bboysidou/test_firebase

[SelaseKay]

Hi @bboysidou, did this error start happening after you updated your flutterfire plugins?

[google-oss-bot]

Hey @bboysidou. We need more information to resolve this issue but there hasn't been an update in 7 weekdays. I'm marking the issue as stale and if there are no new updates in the next 7 days I will close it automatically.

If you have more information that will help us get to the bottom of this, just add a comment!