Play Store Warning : play-services-safetynet (com.google.android.gms:play-services-safetynet) has reported critical issues with version 17.0.0

Question

I got this warning from play store when I was trying to update my Flutter on play store.

The developer of play-services-safetynet (com.google.android.gms:play-services-safetynet) has reported critical issues with version 17.0.0. Consider upgrading before publishing a new release.

Here's what the SDK developer told us:
The SafetyNet Attestation API is being discontinued and replaced by the new Play Integrity API. Begin migration as soon as possible to avoid user disruption. The Play Integrity API includes all the integrity signals that SafetyNet Attestation offers and more, like Google Play licensing and better error messaging. Learn more and start migrating at https://developer.android.com/training/safetynet/deprecation-timeline

I am not using safe-net implementation in my build.gradle file may be some thirdparty pulgin is using this but tried flutter upgrade also to ensure updating all packages. but still I am getting this critical warning from play store. If any body have solution please let me know. Thanks in advance.

here is my pubspec.yaml implementations:

  cupertino_icons: ^1.0.2
  get: ^4.6.1
  path_provider: ^2.0.2+1
  get_storage: ^2.0.3
  file_picker: ^4.5.1
  cached_network_image: ^3.2.1
  shimmer: ^2.0.0
  introduction_screen: ^3.0.2
  json_serializable: ^6.1.4
  flutter_screenutil: ^5.0.0+2
  url_launcher: ^6.0.5
  google_fonts: ^2.3.1
  carousel_slider: ^4.0.0
  fluttertoast: ^8.0.8
  change_app_package_name: ^1.0.0
  font_awesome_flutter: ^10.1.0
  photo_view: ^0.13.0
  new_version: ^0.2.2
  shared_preferences: ^2.0.13
  bottom_bar: ^2.0.0
  intl: ^0.17.0
  http: ^0.13.4
  pull_to_refresh: ^2.0.0
  connectivity_plus: ^2.3.5
  image_picker: ^0.8.5+3
  syncfusion_flutter_pdfviewer: ^20.1.61-beta
  vdocipher_flutter: ^1.0.0-beta.6
  webview_flutter: ^3.0.4
  get_cli: ^1.8.1
  flutter_linkify: ^5.0.2
  flutter_countdown_timer: ^4.1.0
  webview_flutter_plus: ^0.3.0+2
  flutter_downloader: ^1.8.0+1  #integrate for ios also
  android_path_provider: ^0.3.0
  device_info_plus: ^4.0.0
  permission_handler: ^10.0.0
  open_file: ^3.2.1
  package_info_plus: ^1.4.2

ref image :

Answer 1

Exclude safetynet module by kotlin dsl (at bottom of your app gradle module):

configurations.all {
    exclude(group = "com.google.android.gms", module = "play-services-safetynet")
}

Answer 2

Firebase Authentication library itself import the SafetyNet Attestation API for there internal usage.

In latest version of Firebase Authentication 22.0.0 they have removed SafetyNet Attestation API and now uses the Play integrity.

So update your Authentication library version or if uses the Firebase BOM then update version to 32.0.0 or latest version.

Answer 3

Update - March 28, 2023

Released Firebase Auth 21.2.0 (BoM 31.4.0) which adds support for Play Integrity in phone auth https://firebase.google.com/support/release-notes/android#auth_v21-2-0

However, as latest comment: https://github.com/firebase/firebase-android-sdk/issues/3890#issuecomment-1488368740

But I still see the warning in the Play console.
=> That's because the SafetyNet SDK is still being used as a fallback.We plan to completely remove the SafetyNet SDK in a future release - I will post a new comment to this thread when that happens.

I wonder if the play integrity API is NOT enabled in my Firebase Console > App Check. Then, ignore this warning, does it cause any blocking/ issue when using my app (with Phone authen method)?

Answer 4

com.google.gms:google-services itself has contained safetyNet API. As you see in version of gg services to latest 4.3.13, it has safetyNet ver 18.0 and it's OK.

https://developers.google.com/android/guides/setup#list-dependencies How to suppress the "Avoid using bundled version of Google Play services SDK" warning? https://developers.google.com/android/guides/releases

Updated: 13/10/2022

• If the problem related to Firebase Auth then this is the issue, and it hasn't fixed yet: https://github.com/firebase/firebase-android-sdk/issues/3890
• Google's guys say that they have more priority issues https://github.com/firebase/firebase-android-sdk/issues/3890#issuecomment-1230092869
• More infor:
  • June 2023 is migration deadline: The app will continue to work but there might be issues and deprecation warnings.
  • June 2024: Apps with SafetyNet will stop working.
• Until that time, you should ignore and subscribe for newest update. https://github.com/firebase/firebase-android-sdk/issues/3890#issuecomment-1237167170

Thanks!

Answer 5

Had same issue with Google Play for firebase Auth library. Unfortunately it did not have option to update to version that had updated Safetynet module. So had to find a working way to exclude the module from my project.

This is what I had:

dependencies {
    implementation platform('com.google.firebase:firebase-bom:30.3.2')
    implementation 'com.google.firebase:firebase-auth'
}

For my project the best option was to exclude the safetynet module from all libraries. Fow what ever reason, single library exclusion did not work.

dependencies {
    implementation platform('com.google.firebase:firebase-bom:30.3.2')
    implementation 'com.google.firebase:firebase-auth'
}
configurations.all {
    exclude group: 'com.google.android.gms', module: 'play-services-safetynet'
}

The above solution should work for any project that has this issue regardless of what library actually has the safetynet module included.

For anyone interested, here are easy commands to check your projects dependencies in Android Studio Terminal (this writes them in txt file for easier reading):

./gradlew app:dependencies > dependencies.txt