We have an Android application published in the Play Store that was working correctly. This app uses Firebase auth for authentication, specifically version: com.google.firebase:firebase-bom:31.0.3, which in theory still uses Safetynet.

A few days ago we did some testing by enabling the Play Integrity API in Google Cloud and we also enabled Play Integrity in Play Store. Since that time the authentication in the Store app has started to fail and causing the application to crash.

We have also check that the Android Device Verification API in Google Cloud has been registered a lot of errors since then.

The same app launched from Android Studio or downloaded from Firebase Distribution works fine, but only the version downloaded form the Play Store fails, and only in some devices. The throwing error is the following:

java.lang.NullPointerException: Attempt to invoke virtual method 'android.content.Context android.content.Context.getApplicationContext()' on a null object reference
at android.content.ContextWrapper.getApplicationContext(ContextWrapper.java:156)
at androidx.localbroadcastmanager.content.LocalBroadcastManager.getInstance(LocalBroadcastManager.java:107)
at com.google.firebase.auth.internal.zzax.zzh(com.google.firebase:firebase-auth@@21.1.0:1)
at com.google.firebase.auth.internal.zzax.zzg(com.google.firebase:firebase-auth@@21.1.0:1)
at com.google.firebase.auth.internal.zzf.zze(com.google.firebase:firebase-auth@@21.1.0:6)
at com.google.firebase.auth.internal.zzf.zzd(Unknown Source:0) at com.google.firebase.auth.internal.zzb.onSuccess(com.google.firebase:firebase-auth@@21.1.0:5)
at com.google.android.gms.tasks.zzm.run(com.google.android.gms:play-services-tasks@@18.0.1:1)
at android.os.Handler.handleCallback(Handler.java:942)
at android.os.Handler.dispatchMessage(Handler.java:99)
at android.os.Looper.loopOnce(Looper.java:211)
at android.os.Looper.loop(Looper.java:300)
at android.app.ActivityThread.main(ActivityThread.java:8152)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:580)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1028)

We have added our release SHA-1 and SHA-256 fingerprints to Firebase console. Would it be necessary to update the google-services.json of our app with these changes?

We have disabled the Play Integrity API in Google Cloud but the problem persists. In Play Store we can no longer disable Play Integrity.

Also an option is to update our Firebase library. In that case, would be enough to update the version number or an extra play-integrity check implementation or integration is needed? Would be necessary to add any play-integrity library to our app?