16

I developed an app with Flutter and Firebase that uses the phone authentication feature for Android and iOS. Everything works as expected except that the reCAPTCHA is showing for Android.

To solve this, it says in the documentation that we need to use SafetyNet; however, it is now impossible to enable it from Firebase AppChecker since it's deprecated. I have been using the new Play Integrity API that is supposed to replace SafetyNet, but it doesn't seem to work at the moment (the reCAPTCHA is visible).

If someone has a solution, please share it! Thank you in advance for your time.

  • Exactly the same problem. Did you already come up with a solution? I thought that I might not have set up the Play Integrity API correctly. – RaideR Feb 15 '23 at 16:19
  • Google Support writes: Unfortunately, we are unable to provide a timeline for Play Integrity API phone authentication implementation. For now, you can use reCAPTCHA verification for phone number authentications. SafetyNet deprecation is not related to reCAPTCHA API. The two SafetyNet APIs are independent, and the Attestation API deprecation will not affect the reCAPTCHA API. You can still use this API even after migrating to Play Integrity API. We will update this document as soon as we can to avoid confusion. – RaideR Feb 20 '23 at 08:24
  • Not really sure, but it's possible that SafetyNet also blocks OTP to real devices. Added the new API, Play Integrity, reconfigured FlutterFire, still the console prints SafetyNet failure with code 7 – Sayyid J Mar 19 '23 at 10:33

3 Answers

1

You're right: the SafetyNet API is deprecated and cannot be used for newly created projects after 31 January 2023.

Unfortunately, the Play Integrity API cannot handle OTP authentication at the moment. Google Support wrote to me:

[...] Please note that Firebase Phone Authentication (OTP) has not yet been featured for Play Integrity API yet.

The solution is to continue using the SafetyNet Attestation API. You have to apply for this. The process took around three weeks for my project.

If you get approved, you have to go to the library page in your Google API Console and activate the "Android Device Verification API".

With the following project setup it should work and you shouldn't see the reCAPTCHA anymore:

  • Google Cloud Console: Link your app via App Integrity with the Google Play Integrity API
  • Firebase project --> App Check --> Select your Android app --> Link it with the Play Integrity API
  • Enable Android Device Verification API after successfully applying for it

Note: the process is independent of using Flutter and is also the same for e.g. React Native or Android projects.

RaideR
1

I was having a similar challenge, but this was happening during development; however, after deploying it to the Play Store it stopped. Firebase phone authentication is not supposed to require reCAPTCHA, but if you are experiencing this then probably:

  1. You are making too many requests with that number within a short period.
    Solution: Whitelist the number you are using for the authentication when in development.
  2. You are using a phone number that is frequently used for spam or abuse; Firebase may require a reCAPTCHA challenge to ensure that the verification request is legitimate.
    Solution: Use a different number for the authentication.
0

I faced a lot of issues with Google Authentication Service. Sometimes, OTPs don't come through properly. My suggestion is to go for third-party API services instead, as this can lead to less code. Some of the third-party phone authentication services include:

2 Factor

Text Local

These services offer phone authentication solutions and can be used as alternatives to Google Authentication Service.

bovop4