The current Firebase Phone Otp uses Play Integrity API to validate the app before it sends phone OTP to users. While running it in an emulator causes it to launch the Recaptcha flow on a browser and running it on a physical device causes it to be automatically verified by the Play Integrity API when running it as a normal app, it crashes when used as an instant app.
The following stacktrace appears when crashing:
java.lang.RuntimeException: Unable to resume activity {com.example.myapp/com.google.firebase.auth.internal.RecaptchaActivity}: java.lang.NullPointerException: Attempt to invoke interface method 'int android.security.keystore.IKeystoreService.exist(java.lang.String, int)' on a null object reference
at android.app.ActivityThread.performResumeActivity(ActivityThread.java:4657)
at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:4690)
at android.app.servertransaction.ResumeActivityItem.execute(ResumeActivityItem.java:52)
at android.app.servertransaction.TransactionExecutor.executeLifecycleState(TransactionExecutor.java:176)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:97)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2267)
at android.os.Handler.dispatchMessage(Handler.java:107)
at android.os.Looper.loop(Looper.java:237)
at android.app.ActivityThread.main(ActivityThread.java:8167)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:496)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1100)
Caused by: java.lang.NullPointerException: Attempt to invoke interface method 'int android.security.keystore.IKeystoreService.exist(java.lang.String, int)' on a null object reference
at android.security.KeyStore.contains(KeyStore.java:426)
at android.security.keystore.AndroidKeyStoreSpi.engineContainsAlias(AndroidKeyStoreSpi.java:1038)
at java.security.KeyStore.containsAlias(KeyStore.java:1293)
at com.google.android.gms.internal.firebase-auth-api.zzjt.zzd(com.google.firebase:firebase-auth@@22.0.0:9)
at com.google.android.gms.internal.firebase-auth-api.zzjt.zzc(com.google.firebase:firebase-auth@@22.0.0:2)
at com.google.android.gms.internal.firebase-auth-api.zzjp.zzj(com.google.firebase:firebase-auth@@22.0.0:4)
at com.google.android.gms.internal.firebase-auth-api.zzjp.zzg(com.google.firebase:firebase-auth@@22.0.0:16)
at com.google.firebase.auth.internal.zzk.<init>(com.google.firebase:firebase-auth@@22.0.0:6)
at com.google.firebase.auth.internal.zzk.zza(com.google.firebase:firebase-auth@@22.0.0:2)
at com.google.firebase.auth.internal.RecaptchaActivity.zzb(com.google.firebase:firebase-auth@@22.0.0:9)
at com.google.android.gms.internal.firebase-auth-api.zzaai.<init>(com.google.firebase:firebase-auth@@22.0.0:14)
at com.google.firebase.auth.internal.RecaptchaActivity.onResume(com.google.firebase:firebase-auth@@22.0.0:47)
at android.app.Instrumentation.callActivityOnResume(Instrumentation.java:1454)
at android.app.Activity.performResume(Activity.java:8111)
at android.app.ActivityThread.performResumeActivity(ActivityThread.java:4647)
at android.app.ActivityThread.handleResumeActivity(ActivityThread.java:4690)
at android.app.servertransaction.ResumeActivityItem.execute(ResumeActivityItem.java:52)
at android.app.servertransaction.TransactionExecutor.executeLifecycleState(TransactionExecutor.java:176)
at android.app.servertransaction.TransactionExecutor.execute(TransactionExecutor.java:97)
at android.app.ActivityThread$H.handleMessage(ActivityThread.java:2267)
at android.os.Handler.dispatchMessage(Handler.java:107)
at android.os.Looper.loop(Looper.java:237)
at android.app.ActivityThread.main(ActivityThread.java:8167)
at java.lang.reflect.Method.invoke(Native Method)
at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:496)
at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1100)
I found a similar issue on Stackoverflow but it seems that google does not have fixes yet for using android keystore in instant apps.
Is there any other way to bypass the usage of Android Keystore in Firebase Phone OTP or someone else that managed to use Android Keystore in an Instant app? I welcome any ideas not tried before too.
