Is it necessary or advantageous to have unique SHA1 certificate fingerprints when adding an app to Firebase?

Question

When adding an app to Firebase with the intent to use dynamic links and app invites, Firebase asks for my SHA1 fingerprint that comes from my signing keystore.

I have only one keystore that I use for all of my apps. I vaguely recall reading somewhere that this is common, unless there is a compelling reason to have multiple keystores.

So my question is, since Firebase seems to want this fingerprint (along with the package name) to identify my app, is it necessary or advantageous to have different SHA1 fingerprints? Should I thus generate a different keystore in order to do so?

Thanks.

Answer 1

The SHA1 is not a mandatory requirement when adding an app to your Firebase Project, however, it is required when you need to (as per the helper seen in the Firebase Console):

Used to create an OAuth 2 client and API key for your app.

Where the OAuth 2 Client is used for authentication and authorization so that you can use some Google APIs.

However, if you're only going to use FCM, there is no such need for it.

Answer 2

The thing that needs to be unique is the combination of application id and SHA-1 hash. The SHA-1 hash proves to Play services that your app is actually your app built by you, and not some other impostor app that happens to have the same application id. You can use your signing key as much as you want, but you obviously can only have one app with a particular id installed on a device or published to the Play store.