flutterfire
flutterfire copied to clipboard
firebase
Release & Debug version of the app asking keychain permissions
Related to https://github.com/firebase/firebase-ios-sdk/issues/5540
When launching the app customers are reporting that they are asking for sensitive key-chain access.
We had to include Firebase Core in order to get FCM working..
Anyway around this? It's not acceptable to ask 8 times for Keychain access everytime the customer launches and many refuse to use "Always allow" which is completely reasonable.
I found a few problems with this issue:
- I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
- This issue does not seem to follow the issue template. Make sure you provide all the required information.
Sorry about the trouble.
- Please fill out the issue template including Firebase versions and installation method
- Please answer the questions at https://github.com/firebase/firebase-ios-sdk/issues/5540#issuecomment-625279873
We had to disable it and resort to Web-sockets and local notifications for MacOS. It's fairly strange for the plugin to ask for chain access 8 times, feels very wrong.
Flutter 3.0.1
firebase_core: ^1.17.0
firebase_messaging: ^11.4.0
This might be a Flutter specific issue, since we haven't had seen this issue with ObjC/Swift apps. I'll transfer the issue.
@paulb777 disabling the library stops with Platform.isMac stops it asking for keychain access. We're still compiling to MacOS though.
One more thought since the issue sounds similar to a development-only workflow we've seen for macOS. How is the app distributed? We would expect App Store signing to obviate the need for any keychain permission popups.
@paulb777 yes I originally thought that but release mode and signing made no difference. When released via the App Store the MacOS app was asked for keychain 8 times on launch.
@ollydixon If I understand correctly, the keychain permission is being asked for macOS after adding firebase_core / firebase_messaging plugin ?
@darshankawar indeed. Multiple times on every launch. Something that is not acceptable for a user journey.
Ok, can you try by removing sandbox capability from runner from macOS Xcode project and see if it helps ?
https://developer.apple.com/library/archive/documentation/Miscellaneous/Reference/EntitlementKeyReference/Chapters/EnablingAppSandbox.html#:~:text=You%20enable%20App%20Sandbox%20individually,sandbox%20for%20each%20target%20individually.
Hey @ollydixon. We need more information to resolve this issue but there hasn't been an update in 7 weekdays. I'm marking the issue as stale and if there are no new updates in the next 7 days I will close it automatically.
If you have more information that will help us get to the bottom of this, just add a comment!
@darshankawar sorry for the delay. We removed firebase in this project and are using an alternative push notifications system because of this bug.
Iβm sure the sample app will give the same bug for MacOS :-)
@ollydixon Incase you have more info for us regarding how to reproduce the issue, feel free to write back.
@maheshmnj I've given enough info for you to replicate. Just use the sample app and run it in MacOS.
@ollydixon
I ran the release version of flutter counter app targeting macOS with the following dependencies
firebase_core: ^1.17.1
firebase_messaging: ^11.4.1
logs
mahesh@Maheshs-MacBook-Air-M1 sample % flutter run -d macos --release
Launching lib/main.dart on macOS in release mode...
Running pod install... 1,332ms
objc[16507]: Class AMSupportURLConnectionDelegate is implemented in both /usr/lib/libamsupport.dylib (0x1e4faf640) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x1086802c8). One of the two will be used. Which one is undefined.
objc[16507]: Class AMSupportURLSession is implemented in both /usr/lib/libamsupport.dylib (0x1e4faf690) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x108680318). One of the two will be used. Which one is undefined.
objc[16507]: Class AppleTypeCRetimerRestoreInfoHelper is implemented in both /usr/lib/libauthinstall.dylib (0x1e4faf458) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x1086804f8). One of the two will be used. Which one is undefined.
objc[16507]: Class AppleTypeCRetimerFirmwareAggregateRequestCreator is implemented in both /usr/lib/libauthinstall.dylib (0x1e4faf4a8) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x108680548). One of the two will be used. Which one is undefined.
objc[16507]: Class AppleTypeCRetimerFirmwareRequestCreator is implemented in both /usr/lib/libauthinstall.dylib (0x1e4faf4f8) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x108680598). One of the two will be used. Which one is undefined.
objc[16507]: Class ATCRTRestoreInfoFTABFile is implemented in both /usr/lib/libauthinstall.dylib (0x1e4faf548) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x1086805e8). One of the two will be used. Which one is undefined.
objc[16507]: Class AppleTypeCRetimerFirmwareCopier is implemented in both /usr/lib/libauthinstall.dylib (0x1e4faf598) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x108680638). One of the two will be used. Which one is undefined.
objc[16507]: Class ATCRTRestoreInfoFTABSubfile is implemented in both /usr/lib/libauthinstall.dylib (0x1e4faf5e8) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x108680688). One of the two will be used. Which one is undefined.
--- xcodebuild: WARNING: Using the first of multiple matching destinations:
{ platform:macOS, arch:arm64, id:00008103-0019553C36F2001E }
{ platform:macOS, arch:x86_64, id:00008103-0019553C36F2001E }
Building macOS application...
Flutter run key commands.
h List all available interactive commands.
c Clear the screen
q Quit (terminate the application on the device).
2022-06-13 10:40:16.870 sample[17552:136674] The operation couldnβt be completed. (OSStatus error 13.)
flutter doctor -v (mac)
[β] Flutter (Channel stable, 3.0.2, on macOS 12.4 21F79 darwin-arm, locale en-IN)
β’ Flutter version 3.0.2 at /Users/mahesh/Documents/flutter
β’ Upstream repository https://github.com/flutter/flutter.git
β’ Framework revision cd41fdd495 (5 days ago), 2022-06-08 09:52:13 -0700
β’ Engine revision f15f824b57
β’ Dart version 2.17.3
β’ DevTools version 2.12.2
[β] Android toolchain - develop for Android devices (Android SDK version 33.0.0-rc4)
β’ Android SDK at /Users/mahesh/Library/Android/sdk
β’ Platform android-32, build-tools 33.0.0-rc4
β’ ANDROID_HOME = /Users/mahesh/Library/Android/sdk
β’ Java binary at: /Applications/Android Studio.app/Contents/jre/Contents/Home/bin/java
β’ Java version OpenJDK Runtime Environment (build 11.0.12+0-b1504.28-7817840)
β’ All Android licenses accepted.
[β] Xcode - develop for iOS and macOS (Xcode 13.2.1)
β’ Xcode at /Applications/Xcode.app/Contents/Developer
β’ CocoaPods version 1.11.2
[β] Chrome - develop for the web
β’ Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[β] Android Studio (version 2021.2)
β’ Android Studio at /Applications/Android Studio.app/Contents
β’ Flutter plugin can be installed from:
π¨ https://plugins.jetbrains.com/plugin/9212-flutter
β’ Dart plugin can be installed from:
π¨ https://plugins.jetbrains.com/plugin/6351-dart
β’ Java version OpenJDK Runtime Environment (build 11.0.12+0-b1504.28-7817840)
[β] IntelliJ IDEA Community Edition (version 2021.2.1)
β’ IntelliJ at /Applications/IntelliJ IDEA CE.app
β’ Flutter plugin version 61.2.4
β’ Dart plugin version 212.5080.8
[β] VS Code (version 1.67.2)
β’ VS Code at /Applications/Visual Studio Code.app/Contents
β’ Flutter extension version 3.42.0
[β] Connected device (3 available)
β’ sdk gphone arm64 (mobile) β’ emulator-5554 β’ android-arm64 β’ Android 11 (API 30) (emulator)
β’ macOS (desktop) β’ macos β’ darwin-arm64 β’ macOS 12.4 21F79 darwin-arm
β’ Chrome (web) β’ chrome β’ web-javascript β’ Google Chrome 102.0.5005.61
[β] HTTP Host Availability
β’ All required HTTP hosts are available
β’ No issues found!
But I don't see the app asking for keychain permissions. Let me know if I am missing anything or if the reproducible steps are incorrect.
Thanks
@maheshmnj was their an update?
Anyhow, you have probably previously accepted all. It remembers forever. Go to the keychain and clear any references to Google, flutter (thereβs many other names but I canβt remember).
I was getting this permission on two laptops and the QA personelle are reporting it as a bug.
Also is the counter app even connecting to Firebase?
I checked I do not have any flutter macos apps keychain permissions accepted
Also is the counter app even connecting to Firebase?
I did not run any firebase service only a plain counter app, with firebase dependencies specified above, If I need to run any specific firebase code which invokes the keychain access, then please let us know.
Thanks
@maheshmnj You need to connect to the Firebase service (your own) to fully run the test as you have not even initialized the package it will do nothing.
await Firebase.initializeApp(
options: DefaultFirebaseOptions.currentPlatform,
);
^^ Will trigger the keychain requests on MacOS.
Please follow the Firebase setup and make sure it's actually connecting and running the service.
Thanks for the info @ollydixon, I ran the below cloud_firestore sample code in release mode targeting macOS, And I was able to reproduce the issue, The keychain permission prompts were shown at least 7-8 times.
https://user-images.githubusercontent.com/31410839/173536225-494aa506-a933-49c2-a7da-c8489da47e9c.mp4
I am quite not sure if this from flutter, firebase plugins/sdk , Labeling this issue for further insights from the team.
logs
mahesh@Maheshs-MacBook-Air-M1 cloud_firestore_example % flutter run -d macos --release
Launching lib/main.dart on macOS in release mode...
Running pod install... 12.7s
objc[98739]: Class AMSupportURLConnectionDelegate is implemented in both /usr/lib/libamsupport.dylib (0x1fd99f640) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x1082802c8). One of the two will be used. Which one is undefined.
objc[98739]: Class AMSupportURLSession is implemented in both /usr/lib/libamsupport.dylib (0x1fd99f690) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x108280318). One of the two will be used. Which one is undefined.
objc[98739]: Class AppleTypeCRetimerRestoreInfoHelper is implemented in both /usr/lib/libauthinstall.dylib (0x1fd99f458) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x1082804f8). One of the two will be used. Which one is undefined.
objc[98739]: Class AppleTypeCRetimerFirmwareAggregateRequestCreator is implemented in both /usr/lib/libauthinstall.dylib (0x1fd99f4a8) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x108280548). One of the two will be used. Which one is undefined.
objc[98739]: Class AppleTypeCRetimerFirmwareRequestCreator is implemented in both /usr/lib/libauthinstall.dylib (0x1fd99f4f8) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x108280598). One of the two will be used. Which one is undefined.
objc[98739]: Class ATCRTRestoreInfoFTABFile is implemented in both /usr/lib/libauthinstall.dylib (0x1fd99f548) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x1082805e8). One of the two will be used. Which one is undefined.
objc[98739]: Class AppleTypeCRetimerFirmwareCopier is implemented in both /usr/lib/libauthinstall.dylib (0x1fd99f598) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x108280638). One of the two will be used. Which one is undefined.
objc[98739]: Class ATCRTRestoreInfoFTABSubfile is implemented in both /usr/lib/libauthinstall.dylib (0x1fd99f5e8) and /Library/Apple/System/Library/PrivateFrameworks/MobileDevice.framework/Versions/A/MobileDevice (0x108280688). One of the two will be used. Which one is undefined.
--- xcodebuild: WARNING: Using the first of multiple matching destinations:
{ platform:macOS, arch:arm64, id:00008103-0019553C36F2001E }
{ platform:macOS, arch:x86_64, id:00008103-0019553C36F2001E }
/Users/mahesh/Desktop/triage-examples/flutterfire_examples/cloud_firestore_example/macos/Pods/Pods.xcodeproj: warning: The macOS deployment target 'MACOSX_DEPLOYMENT_TARGET' is set to 10.7, but the range of supported deployment target versions is 10.9 to 12.2. (in target 'leveldb-library' from project 'Pods')
Building macOS application...
Flutter run key commands.
h List all available interactive commands.
c Clear the screen
q Quit (terminate the application on the device).
2022-06-14 14:16:20.683 cloud_firestore_example[7449:457108] The operation couldnβt be completed. (OSStatus error 13.)
code sample
// Copyright 2020, the Chromium project authors. Please see the AUTHORS file
// for details. All rights reserved. Use of this source code is governed by a
// BSD-style license that can be found in the LICENSE file.
import 'dart:math';
import 'package:flutter/material.dart';
import 'package:firebase_core/firebase_core.dart';
import 'package:cloud_firestore/cloud_firestore.dart';
/// Requires that a Firestore emulator is running locally.
/// See https://firebase.flutter.dev/docs/firestore/usage#emulator-usage
bool USE_FIRESTORE_EMULATOR = false;
Future<void> main() async {
WidgetsFlutterBinding.ensureInitialized();
await Firebase.initializeApp();
if (USE_FIRESTORE_EMULATOR) {
FirebaseFirestore.instance.useFirestoreEmulator('localhost', 8080);
}
runApp(MyApp());
}
final messagesCollection = FirebaseFirestore.instance.collection('messages');
class MessagesList extends StatefulWidget {
const MessagesList({Key? key}) : super(key: key);
@override
_MessagesListState createState() => _MessagesListState();
}
class _MessagesListState extends State<MessagesList> {
@override
Widget build(BuildContext context) {
final query =
messagesCollection.where('message', isEqualTo: 'Hello World').orderBy(
'sentDateTime',
descending: true,
);
return Scaffold(
floatingActionButton: FloatingActionButton(
onPressed: () {
final minutes = Random().nextInt(60);
final DateTime dateTime =
DateTime.now().add(Duration(minutes: minutes));
messagesCollection.add({
'message': 'Hello World',
'sentDateTime': Timestamp.fromDate(dateTime)
});
},
child: Icon(Icons.add),
),
appBar: AppBar(
title: const Text('Firestore Messages'),
),
body: StreamBuilder<QuerySnapshot>(
stream: query.snapshots(),
builder: (context, snapshot) {
if (snapshot.hasError) {
return Center(
child: Text(snapshot.error.toString()),
);
}
if (!snapshot.hasData) {
return const Center(child: CircularProgressIndicator());
}
final data = snapshot.data!.docs;
return ListView.builder(
itemCount: data.length,
itemBuilder: (context, index) {
final dateTime =
(data[index]['sentDateTime'] as Timestamp).toDate();
return ListTile(
title: Text('${data[index]['message']}'),
trailing: Text(dateTime.toString()),
);
},
);
},
),
);
}
}
class MyApp extends StatelessWidget {
const MyApp({Key? key}) : super(key: key);
@override
Widget build(BuildContext context) {
return MaterialApp(
title: 'Flutter Demo',
theme: ThemeData(
primarySwatch: Colors.blue,
),
home: const MessagesList(),
);
}
}
flutter doctor -v (mac)
[β] Flutter (Channel stable, 3.0.2, on macOS 12.4 21F79 darwin-arm, locale en-IN)
β’ Flutter version 3.0.2 at /Users/mahesh/Documents/flutter
β’ Upstream repository https://github.com/flutter/flutter.git
β’ Framework revision cd41fdd495 (5 days ago), 2022-06-08 09:52:13 -0700
β’ Engine revision f15f824b57
β’ Dart version 2.17.3
β’ DevTools version 2.12.2
[β] Android toolchain - develop for Android devices (Android SDK version 33.0.0-rc4)
β’ Android SDK at /Users/mahesh/Library/Android/sdk
β’ Platform android-32, build-tools 33.0.0-rc4
β’ ANDROID_HOME = /Users/mahesh/Library/Android/sdk
β’ Java binary at: /Applications/Android Studio.app/Contents/jre/Contents/Home/bin/java
β’ Java version OpenJDK Runtime Environment (build 11.0.12+0-b1504.28-7817840)
β’ All Android licenses accepted.
[β] Xcode - develop for iOS and macOS (Xcode 13.2.1)
β’ Xcode at /Applications/Xcode.app/Contents/Developer
β’ CocoaPods version 1.11.2
[β] Chrome - develop for the web
β’ Chrome at /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
[β] Android Studio (version 2021.2)
β’ Android Studio at /Applications/Android Studio.app/Contents
β’ Flutter plugin can be installed from:
π¨ https://plugins.jetbrains.com/plugin/9212-flutter
β’ Dart plugin can be installed from:
π¨ https://plugins.jetbrains.com/plugin/6351-dart
β’ Java version OpenJDK Runtime Environment (build 11.0.12+0-b1504.28-7817840)
[β] IntelliJ IDEA Community Edition (version 2021.2.1)
β’ IntelliJ at /Applications/IntelliJ IDEA CE.app
β’ Flutter plugin version 61.2.4
β’ Dart plugin version 212.5080.8
[β] VS Code (version 1.67.2)
β’ VS Code at /Applications/Visual Studio Code.app/Contents
β’ Flutter extension version 3.42.0
[β] Connected device (3 available)
β’ sdk gphone arm64 (mobile) β’ emulator-5554 β’ android-arm64 β’ Android 11 (API 30) (emulator)
β’ macOS (desktop) β’ macos β’ darwin-arm64 β’ macOS 12.4 21F79 darwin-arm
β’ Chrome (web) β’ chrome β’ web-javascript β’ Google Chrome 102.0.5005.61
[β] HTTP Host Availability
β’ All required HTTP hosts are available
β’ No issues found!
@maheshmnj awesome now you see the bug. It's also the same for release mode. We cannot use Firebase on MacOS because of this, no customer is going to accept a highly suspicious key-chain request 8 times.
I have the same trouble. The first launch of the application without trying keychain. Everyone else with a bunch of keychain queries. Only core and analytics installed.
The error was fixed after configuring the application signing via xcode.
Can you elaborate a bit on this please?
This smells like a bug/regression IMHO, and I don't think changing the application signing will help.
We see the same issue in production builds, plus - we tried to completely change the BundleID/SKU/Identifier, and we can reprod this issue as soon as we add firebase analytics (this repo).
The solution for now, unfortunately, is to disable firebase analytics in our app.
@Aksi0 yes Aksi0, because we are signing a release version via the store. So I don't think this is a fix.
Problem reproduced when using crashalytics (so it's not only plugin:analytics), the error is probably in plugin:core.
- Add firebase_crashlytics to your project
- Throw Exception() in initState()
- Keychain access is triggered with crashalytics is sending the error to the FB backends.
@tommienu we're not using
crashalyticsfyi, just Firebase messaging.
Even more indication that the error is somewhere plugin:core then.
@tommienu indeed, this library, not good that they are forcing us to use this library to do Push Notifications on Android (because we had the nice and simple GCM). Otherwise I'd never put Firebase into any of our projects. Ah well.
I am having this issue with macOS as well - every time my app is run, in both debug and release modes, I am prompted for keychain access, and as mentioned above, this is not acceptable behavior for a user journey. In fact, this issue is actively preventing me from being able to release an app I've been working on.
I have tried the following things to fix the issue, with no success:
- Changing app signing from "Sign to run locally" to "Development"
- Turning off app sandbox (this actually breaks the app completely - it doesn't crash, but it also doesn't work)
If anyone has any insight into fixing this issue, it would be appreciated. Again, this is a release-blocking bug and unacceptable UX.
