Phone auth after SafetyNet deprecation

[Thaigun]

Hi,
while trying to implement Phone authentication to a new app, we ran into SafetyNet not accepting new developers since January 31st. I understood that we must use Play Integrity API and App Check to make the phone authentication work.

However, RNFirebase documentation implies that App Check won't work with Auth.

App Check currently works with the following Firebase products:

Realtime Database
Cloud Firestore
Cloud Storage
Cloud Functions (callable functions)

What steps should I take to implement Phone Authentication in a new application on Android? Do we need to bother about @react-native-firebase/app-check?

[mikehardy]

I believe auth and appcheck are separate.

AppCheck can use Play Integrity as a source of app trust verification, this is something you would set up inside AppCheck using the PlayIntegrity app check token provider

Auth can use Play Integrity as a source of app trust verification, and I think for this you just need to do the Play Integrity configuration as specified in firebase-android-sdk setup docs for Auth / Play Integrity and...it should work as the firebase-android-sdk handles all that stuff underneath react-native-firebase without any effort on our part. Assuming (dangerous!) I understand it correctly

[mikehardy]

firebase-android-sdk BoM 31.4.0 supports play integrity as the default method for phone auth, I'm working on a PR for that now and will release it shortly

[Thaigun]

That's great, we tried it and it seemed to work! We get some occasional, weird errors but they are really hard to pinpoint to any specific reason. Could be that Google has shadow-banned our real numbers...

[Thaigun]

For someone else running into the same issue, turns out you don't have to do much manual setup. Just make sure you have the authentication method enabled and correct fingerprints setup in Firebase console. Our problem was that the fingerprint given by Expo that we use was not the same fingerprint that the release built had. For the release build fingerprints, we had to find them in Play Console.