29

I've updated the firebase library recently and didn't change anything else.

  implementation 'com.google.firebase:firebase-auth:20.0.1'
  implementation 'com.google.firebase:firebase-messaging:21.0.0'
  implementation 'com.google.firebase:firebase-storage:19.2.0' 
  implementation 'com.google.android.gms:play-services-auth:19.0.0'

but whenever a user tries to signup, a Recaptcha is showing for a few seconds and then sometimes redirects to a web browser (CustomChromeTab) after that OTP is received from firebase auth. It takes about 15-30 seconds. How to prevent the Recaptcha? However, I added the SHA1 and SHA256 in the firebase console and have not changed the code. Thanks.

Here is the screenshot of the captcha verification process:

enter image description here

Improve this question
6
  • have you found a solution? Commented Dec 15, 2020 at 8:05
  • yes! I uploaded the sha256 key. and the problem solved. Commented Dec 15, 2020 at 10:04
  • 5
    I added SHA256 key taken from play store, and from android studio terminal, but still getting this recaptcha pop up Commented Dec 15, 2020 at 10:55
  • upload both SHA256 and sha1 keys. that might help. Commented Dec 22, 2020 at 3:10
  • both uploaded but still showing Commented May 26, 2022 at 9:15

8 Answers 8

Reset to default
45

Most of the times while implementing dependencies like:

implementation 'androidx.browser:browser:1.2.0'

the above window pops-up in the browser.

Here, is a way to resolve it successfully.

Step 1-

In the Google Cloud Console, enable the Android DeviceCheck API for your project. The default Firebase API Key will be used, and needs to be allowed to access the DeviceCheck API.

enter image description here

Step 2-

If you haven't yet specified your app's SHA-256 fingerprint, do so from the Settings Page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-256 fingerprint.

enter image description here

Hope it works!!! For more information, you can also check Google SafetyNet API for checking Google Play Services installation in device at the time of Phone Authentication.

Also, need to perform additional steps: Firebase Project Settings > App check > and Register firebase project in SafetyNet and Play Integrity register with default time token 1 hour.

Improve this answer
Sign up to request clarification or add additional context in comments.

13 Comments

I did the above steps. But it still taking me to browser for captcha flow. I'm using firebase-bom:26.2.0.
Try to implement this dependency , implementation 'com.google.firebase:firebase-auth' and make sure that you have specified your SHA1 and SHA-256 as well as replace your google-service.json with the modified one.i.e, after saving your SHA-1 and SHA-256 in the firebase console.
How can I make connection between my firebase project and cloud console project. They are totally different. I have 2 projects in firebase. While there is no project in cloud console. How do I link them if I create a new project in Cloud console. Kindly guide me. @Mohd Asim
Thank you! Worked for me. Used phone auth for 2 years and the captcha addition caused problems - people would cancel before the window open, etc. This is now in the Firebase docs btw: firebase.google.com/docs/auth/android/phone-auth
its two years later, the SafetyNet API cannot be used for new projects anymore. I'm using the PlayIntegrity API and the recaptcha keeps popping up. Any ideas?
|
10

Don't forget to go in Firebase Project Settings > App check > and Register firebase project in SafetyNet and Play Integrity register with default time token 1 hour and u will remove reCaptcha from phone auth OTP!

Improve this answer

5 Comments

That's awesome. Can you tell the details of time token and change effect of it?
About token time, by default is 1 hour i suggest u to not change let 1 hour, thank you.
One point to note here is, even though SafetyNet is deprecated by this time, you have to register app in SafetyNet as well, otherwise captcha verification will come. I don't know whether its a bug or feature from firebase, but that's how it works. Believe me I have tried it by multiple times uninstalling and reinstalling the app, and SafetyNet registration is REQUIRED.
I already enable Play Integrity from google console as well as on firebase console app check but still I am seeing captcha screen. Please help!!
SafetyNet is deprecated and is no longer accepting new projects; please use the Play Integrity API instead. Support for SafetyNet will be removed by the deprecation deadline.
3

Try this alternative method to disable reCaptcha

mAuth = FirebaseAuth.getInstance();
// set this to remove reCaptcha web
mAuth.getFirebaseAuthSettings().setAppVerificationDisabledForTesting(true);

because I've been following Mohd Asim answer, and it doesn't work.

Improve this answer

3 Comments

Maybe, you've not re-update the google_services.json after including SHA1 and SHA256 keys in Firebase Console. It's still working... Hope it helps...
I updated the file, but it still doesn't work. Do you have a complete sample project to implement it? @MohdAsim
Updated code is FirebaseAuth.instanc.setSettings(appVerificationDisabledForTesting: true)
3

Step 1: Most of the times while implementing dependencies like:

implementation platform('com.google.firebase:firebase-bom:32.1.0')
implementation 'com.google.firebase:firebase-auth-ktx'
implementation 'androidx.browser:browser:1.5.0'
implementation 'com.google.android.play:integrity:1.1.0'

Step 2: If you haven't yet specified your app's SHA-256 and SHA-1 fingerprint, do so from the Settings Page of the Firebase console. Refer to Authenticating Your Client for details on how to get your app's SHA-256 and SHA-1 fingerprint.

Step 3: In the Google Cloud Console, enable the Google Play Integrity API for your project.

Step 4: In the Google play Console, enable the Google Play Integrity API for your project.

Improve this answer

1 Comment

Are you 100% sure that the com.google.android.play:integrity library must be included separately, and it's not part of the firebase-auth 21.2.0 library?
1

Additionally to the comments about enabling Play Integrity App Check in Firebase Project Settings:

For anyone else dealing with the reCaptcha browser redirection, first make sure you are using at least the com.google.firebase:firebase-auth:21.2.0 version.

If you are using Firebase BoM (to avoid endless version incompatibilities) then use at least BoM 31.4.0 which is bound to firebase-auth-21.2.0:

com.google.firebase:firebase-bom:31.4.0
com.google.firebase:firebase-auth

Source:

enter image description here

Improve this answer

Comments

1

2023 - SafetyNet is deprecated try below solution

According to the docmentation Play Integrity Support is available with the Authentication SDK v21.2.0+ (Firebase BoM v31.4.0+).

Make sure Firebase BoM version is BoM v31.4.0+

Now go the Firebase project -> build -> App Check -> Play Integrity Add your SHA-256 certificate fingerprint, leave the token settings as it is & click save. Make sure status is showing registered.

Enable Google Play Integrity API

Now run your app Recaptcha won't show.

Improve this answer

Comments

0

In order to remove the captcha verification, you have to do this in Google cloud console.

IMPORTANT (you may have done that, but for the reminder):

Add the SHA1 and SHA256 of your project (see how to get) in the firebase project setting page (See how to set).

  1. Go to the Library page in the Google APIs Console.

  2. In the search bar type "Android Device Verification", and select the Android Device Verification box (API). The Android Device Verification API dashboard screen appears.

  3. If the API isn't already enabled, click Enable. Hope here your problem solves and if not then proceed further.

  4. If the Create credentials button appears, click on it to generate an API key. Otherwise, click the All API credentials drop-down list, then select the API key that's associated with your project that has enabled the Android Device Verification API.

  5. In the sidebar on the left, click Credentials. Copy the API key that appears.

  6. Use this API key when you call the attest() method of the SafetyNetClient class.

For more information read this official page - https://developer.android.com/training/safetynet/attestation

Improve this answer

1 Comment

Android Device Verification was deprecated and replaced with Google Play Integrity API.
-1
  1. go to google cloud console
  2. Select project it should be same project in which firebase is running and make sure you have added sha-1 and sha-256 of both debug and release version and put updated google-services.json file in your app.
  3. search android device verification
  4. click on enable 5.done
Improve this answer

1 Comment

Android Device Verification was deprecated and replaced with Google Play Integrity API.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.