使用入门:将 App Check 与自定义提供程序搭配使用 (Android)
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
本页介绍了如何使用自定义 App Check 提供方在 Android 应用中启用 App Check。启用 App Check 有助于确保只有您的应用可以访问项目的 Firebase 资源。
如果您希望将 App Check 与默认的 Play Integrity 提供方搭配使用,请参阅使用 Play Integrity 启用 App Check (Android)。
准备工作
1. 将 App Check 库添加到您的应用中
在
模块(应用级)Gradle 文件(通常是
<project>/<app-module>/build.gradle.kts 或
<project>/<app-module>/build.gradle)中,添加
App Check 库的依赖项。我们建议使用
Firebase Android BoM 来实现库版本控制。
dependencies {
// Import the BoM for the Firebase platform
implementation(platform("com.google.firebase:firebase-bom:34.1.0"))
// Add the dependency for the App Check library
// When using the BoM, you don't specify versions in Firebase library dependencies
implementation("com.google.firebase:firebase-appcheck")
}
借助 Firebase Android BoM,可确保您的应用使用的始终是 Firebase Android 库的兼容版本。
(替代方法)
在不使用 BoM 的情况下添加 Firebase 库依赖项
如果您选择不使用 Firebase BoM,则必须在每个 Firebase 库的依赖项行中指定相应的库版本。
请注意,如果您在应用中使用多个 Firebase 库,我们强烈建议您使用 BoM 来管理库版本,从而确保所有版本都兼容。
dependencies {
// Add the dependency for the App Check library
// When NOT using the BoM, you must specify versions in Firebase library dependencies
implementation("com.google.firebase:firebase-appcheck:19.0.0")
}
2. 实现 App Check 接口
首先,您需要创建实现 AppCheckProvider 和 AppCheckProviderFactory 接口的类。
您的 AppCheckProvider 类必须具有 getToken() 方法,用于收集您的自定义 App Check 提供方作为真实性证明所需要的所有信息,并将其发送到令牌获取服务以换取 App Check 令牌。App Check SDK 会处理令牌缓存,因此,请始终在您的 getToken() 实现中获取新令牌。
Kotlin
class YourCustomAppCheckToken(
private val token: String,
private val expiration: Long,
) : AppCheckToken() {
override fun getToken(): String = token
override fun getExpireTimeMillis(): Long = expiration
}
class YourCustomAppCheckProvider(firebaseApp: FirebaseApp) : AppCheckProvider {
override fun getToken(): Task<AppCheckToken> {
// Logic to exchange proof of authenticity for an App Check token and
// expiration time.
// ...
// Refresh the token early to handle clock skew.
val expMillis = expirationFromServer * 1000L - 60000L
// Create AppCheckToken object.
val appCheckToken: AppCheckToken = YourCustomAppCheckToken(tokenFromServer, expMillis)
return Tasks.forResult(appCheckToken)
}
}
Java
public class YourCustomAppCheckToken extends AppCheckToken {
private String token;
private long expiration;
YourCustomAppCheckToken(String token, long expiration) {
this.token = token;
this.expiration = expiration;
}
@NonNull
@Override
public String getToken() {
return token;
}
@Override
public long getExpireTimeMillis() {
return expiration;
}
}
public class YourCustomAppCheckProvider implements AppCheckProvider {
public YourCustomAppCheckProvider(FirebaseApp firebaseApp) {
// ...
}
@NonNull
@Override
public Task<AppCheckToken> getToken() {
// Logic to exchange proof of authenticity for an App Check token and
// expiration time.
// ...
// Refresh the token early to handle clock skew.
long expMillis = expirationFromServer * 1000L - 60000L;
// Create AppCheckToken object.
AppCheckToken appCheckToken =
new YourCustomAppCheckToken(tokenFromServer, expMillis);
return Tasks.forResult(appCheckToken);
}
}
此外,请实现 AppCheckProviderFactory 类,用于创建 AppCheckProvider 实现的实例:
Kotlin
class YourCustomAppCheckProviderFactory : AppCheckProviderFactory {
override fun create(firebaseApp: FirebaseApp): AppCheckProvider {
// Create and return an AppCheckProvider object.
return YourCustomAppCheckProvider(firebaseApp)
}
}
Java
public class YourCustomAppCheckProviderFactory implements AppCheckProviderFactory {
@NonNull
@Override
public AppCheckProvider create(@NonNull FirebaseApp firebaseApp) {
// Create and return an AppCheckProvider object.
return new YourCustomAppCheckProvider(firebaseApp);
}
}
3. 初始化 App Check
将以下初始化代码添加到您的应用,使其在您使用任何其他 Firebase SDK 之前运行:
Kotlin
Firebase.initialize(context)
Firebase.appCheck.installAppCheckProviderFactory(
YourCustomAppCheckProviderFactory(),
)
Java
FirebaseApp.initializeApp(/*context=*/ context);
FirebaseAppCheck firebaseAppCheck = FirebaseAppCheck.getInstance();
firebaseAppCheck.installAppCheckProviderFactory(
new YourCustomAppCheckProviderFactory());
后续步骤
将 App Check 库安装到您的应用中之后,开始将更新后的应用分发给用户。
更新后的客户端应用会开始将 App Check 令牌随其发出的每个请求一起发送到 Firebase;不过,您在 Firebase 控制台的 App Check 部分中启用强制执行之前,Firebase 产品并不会要求令牌必须有效。
监控指标并启用强制执行
不过,在启用强制执行之前,您应该确保这样做不会干扰现有的合法用户。另一方面,如果您发现自己的应用资源被非法使用,建议您尽快启用强制执行。
为帮助您做出相关决策,建议您查看自己使用的服务的 App Check 指标:
启用 App Check 强制执行
在了解 App Check 对用户有何影响并为后续操作做好准备之后,您便可以启用 App Check 强制执行:
在调试环境中使用 App Check
为 App Check 注册应用后,如果您希望在 App Check 通常不会归类为有效提供方的环境(例如开发期间的模拟器)或持续集成 (CI) 环境中运行您的应用,可以创建应用的调试 build,该 build 使用 App Check 调试提供方,而不是真正的证明提供方。
请参阅将 App Check 与调试提供方搭配使用 (Android)。
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-08-21。
[null,null,["最后更新时间 (UTC):2025-08-21。"],[],[],null,["This page shows you how to enable App Check in an Android app, using [your\ncustom App Check provider](/docs/app-check/android/custom-provider). When you enable App Check,\nyou help ensure that only your app can access your project's Firebase resources.\n\nIf you want to use App Check with the default Play Integrity provider, see\n[Enable App Check with Play Integrity on Android](/docs/app-check/android/play-integrity-provider).\n\nBefore you begin\n\n- [Add Firebase to your Android project](/docs/android/setup) if you haven't\n already done so.\n\n- [Implement your custom App Check provider's server-side logic](/docs/app-check/custom-provider).\n\n1. Add the App Check library to your app In your **module (app-level) Gradle file** (usually `\u003cproject\u003e/\u003capp-module\u003e/build.gradle.kts` or `\u003cproject\u003e/\u003capp-module\u003e/build.gradle`), add the dependency for the App Check library for Android. We recommend using the [Firebase Android BoM](/docs/android/learn-more#bom) to control library versioning.\n\n\u003cbr /\u003e\n\n```carbon\ndependencies {\n // Import the BoM for the Firebase platform\n implementation(platform(\"com.google.firebase:firebase-bom:34.1.0\"))\n\n // Add the dependency for the App Check library\n // When using the BoM, you don't specify versions in Firebase library dependencies\n implementation(\"com.google.firebase:firebase-appcheck\")\n}\n```\n\nBy using the [Firebase Android BoM](/docs/android/learn-more#bom),\nyour app will always use compatible versions of Firebase Android libraries.\n*(Alternative)*\nAdd Firebase library dependencies *without* using the BoM\n\nIf you choose not to use the Firebase BoM, you must specify each Firebase library version\nin its dependency line.\n\n**Note that if you use *multiple* Firebase libraries in your app, we strongly\nrecommend using the BoM to manage library versions, which ensures that all versions are\ncompatible.** \n\n```groovy\ndependencies {\n // Add the dependency for the App Check library\n // When NOT using the BoM, you must specify versions in Firebase library dependencies\n implementation(\"com.google.firebase:firebase-appcheck:19.0.0\")\n}\n```\n\n\u003cbr /\u003e\n\n2. Implement the App Check interfaces\n\nFirst, you need to create classes that implement the `AppCheckProvider` and\n`AppCheckProviderFactory` interfaces.\n\nYour `AppCheckProvider` class must have a `getToken()` method, which collects\nwhatever information your custom App Check provider requires as proof of\nauthenticity, and sends it to your token acquisition service in exchange for an\nApp Check token. The App Check SDK handles token caching, so always get\na new token in your implementation of `getToken()`. \n\nKotlin \n\n```kotlin\nclass YourCustomAppCheckToken(\n private val token: String,\n private val expiration: Long,\n) : AppCheckToken() {\n override fun getToken(): String = token\n override fun getExpireTimeMillis(): Long = expiration\n}\n\nclass YourCustomAppCheckProvider(firebaseApp: FirebaseApp) : AppCheckProvider {\n override fun getToken(): Task\u003cAppCheckToken\u003e {\n // Logic to exchange proof of authenticity for an App Check token and\n // expiration time.\n // ...\n\n // Refresh the token early to handle clock skew.\n val expMillis = expirationFromServer * 1000L - 60000L\n\n // Create AppCheckToken object.\n val appCheckToken: AppCheckToken = YourCustomAppCheckToken(tokenFromServer, expMillis)\n return Tasks.forResult(appCheckToken)\n }\n}https://github.com/firebase/snippets-android/blob/391c1646eacf44d2aab3f76bcfa60dfc6c14acf1/appcheck/app/src/main/java/com/google/firebase/example/appcheck/kotlin/CustomProvider.kt#L16-L40\n```\n\nJava \n\n```java\npublic class YourCustomAppCheckToken extends AppCheckToken {\n private String token;\n private long expiration;\n\n YourCustomAppCheckToken(String token, long expiration) {\n this.token = token;\n this.expiration = expiration;\n }\n\n @NonNull\n @Override\n public String getToken() {\n return token;\n }\n\n @Override\n public long getExpireTimeMillis() {\n return expiration;\n }\n}\n\npublic class YourCustomAppCheckProvider implements AppCheckProvider {\n public YourCustomAppCheckProvider(FirebaseApp firebaseApp) {\n // ...\n }\n\n @NonNull\n @Override\n public Task\u003cAppCheckToken\u003e getToken() {\n // Logic to exchange proof of authenticity for an App Check token and\n // expiration time.\n // ...\n\n // Refresh the token early to handle clock skew.\n long expMillis = expirationFromServer * 1000L - 60000L;\n\n // Create AppCheckToken object.\n AppCheckToken appCheckToken =\n new YourCustomAppCheckToken(tokenFromServer, expMillis);\n\n return Tasks.forResult(appCheckToken);\n }\n}https://github.com/firebase/snippets-android/blob/391c1646eacf44d2aab3f76bcfa60dfc6c14acf1/appcheck/app/src/main/java/com/google/firebase/example/appcheck/CustomProvider.java#L17-L62\n```\n\nAlso, implement a `AppCheckProviderFactory` class that creates instances of your\n`AppCheckProvider` implementation: \n\nKotlin \n\n```kotlin\nclass YourCustomAppCheckProviderFactory : AppCheckProviderFactory {\n override fun create(firebaseApp: FirebaseApp): AppCheckProvider {\n // Create and return an AppCheckProvider object.\n return YourCustomAppCheckProvider(firebaseApp)\n }\n}https://github.com/firebase/snippets-android/blob/391c1646eacf44d2aab3f76bcfa60dfc6c14acf1/appcheck/app/src/main/java/com/google/firebase/example/appcheck/kotlin/CustomProvider.kt#L44-L49\n```\n\nJava \n\n```java\npublic class YourCustomAppCheckProviderFactory implements AppCheckProviderFactory {\n @NonNull\n @Override\n public AppCheckProvider create(@NonNull FirebaseApp firebaseApp) {\n // Create and return an AppCheckProvider object.\n return new YourCustomAppCheckProvider(firebaseApp);\n }\n}https://github.com/firebase/snippets-android/blob/391c1646eacf44d2aab3f76bcfa60dfc6c14acf1/appcheck/app/src/main/java/com/google/firebase/example/appcheck/CustomProvider.java#L66-L73\n```\n\n3. Initialize App Check\n\nAdd the following initialization code to your app so that it runs before you use\nany other Firebase SDKs: \n\nKotlin \n\n```kotlin\nFirebase.initialize(context)\nFirebase.appCheck.installAppCheckProviderFactory(\n YourCustomAppCheckProviderFactory(),\n)https://github.com/firebase/snippets-android/blob/391c1646eacf44d2aab3f76bcfa60dfc6c14acf1/appcheck/app/src/main/java/com/google/firebase/example/appcheck/kotlin/CustomProvider.kt#L54-L57\n```\n\nJava \n\n```java\nFirebaseApp.initializeApp(/*context=*/ context);\nFirebaseAppCheck firebaseAppCheck = FirebaseAppCheck.getInstance();\nfirebaseAppCheck.installAppCheckProviderFactory(\n new YourCustomAppCheckProviderFactory());https://github.com/firebase/snippets-android/blob/391c1646eacf44d2aab3f76bcfa60dfc6c14acf1/appcheck/app/src/main/java/com/google/firebase/example/appcheck/CustomProvider.java#L78-L81\n```\n\nNext steps\n\nOnce the App Check library is installed in your app, start distributing the\nupdated app to your users.\n\nThe updated client app will begin sending App Check tokens along with every\nrequest it makes to Firebase, but Firebase products will not require the tokens\nto be valid until you enable enforcement in the App Check section of the\nFirebase console.\n\nMonitor metrics and enable enforcement\n\nBefore you enable enforcement, however, you should make sure that doing so won't\ndisrupt your existing legitimate users. On the other hand, if you're seeing\nsuspicious use of your app resources, you might want to enable enforcement\nsooner.\n\nTo help make this decision, you can look at App Check metrics for the\nservices you use:\n\n- [Monitor App Check request metrics](/docs/app-check/monitor-metrics) for Firebase AI Logic, Data Connect, Realtime Database, Cloud Firestore, Cloud Storage, Authentication, Google Identity for iOS, Maps JavaScript API, and Places API (New).\n- [Monitor App Check request metrics for Cloud Functions](/docs/app-check/monitor-functions-metrics).\n\nEnable App Check enforcement\n\nWhen you understand how App Check will affect your users and you're ready to\nproceed, you can enable App Check enforcement:\n\n- [Enable App Check enforcement](/docs/app-check/enable-enforcement) for Firebase AI Logic, Data Connect, Realtime Database, Cloud Firestore, Cloud Storage, Authentication, Google Identity for iOS, Maps JavaScript API, and Places API (New).\n- [Enable App Check enforcement for Cloud Functions](/docs/app-check/cloud-functions).\n\nUse App Check in debug environments\n\nIf, after you have registered your app for App Check, you want to run your\napp in an environment that App Check would normally not classify as valid,\nsuch as an emulator during development, or from a continuous integration (CI)\nenvironment, you can create a debug build of your app that uses the\nApp Check debug provider instead of a real attestation provider.\n\nSee [Use App Check with the debug provider on Android](/docs/app-check/android/debug-provider)."]]
