AppCheck + AppAttest getAppCheckToken failing for 10% of users in production

[jacobsapps]

Description

We rolled out Firebase AppCheck to our iOS users last month, however there are a significant minority of users in production who are getting issues from DeviceCheck:

Failed to create a block of data that demonstrates the legitimacy of the app instance (`generateAssertion:clientDataHash:completionHandler:`); keyId.length = 44, clientDataHash.length = 32; DCErrorInvalidInput - An error code that indicates when your app provides data that isn’t formatted correctly.
--

(Error Domain=com.apple.devicecheck.error Code=2 "(null)")

Docs for DCErrorInvalidInput unfortunately tell us less than the error itself:
https://developer.apple.com/documentation/devicecheck/dcerror-swift.struct/code/invalidinput

However there were 2 individuals on the Apple forums experiencing similar issues:

https://forums.developer.apple.com/forums/thread/700819
https://forums.developer.apple.com/forums/thread/744674

Our AppCheck implementation is as defined in the docs:

func getAppCheckToken() async throws -> String {
        try await AppCheck.appCheck().token(forcingRefresh: false).token    
}

There was an issue last year, in May 2023, somebody with the exact same problem, getting frequent device check errors (DCErrorInvalidInput), as well as some less frequent errors (DCErrorInvalidKey):

#11264

This issue was closed in November 2023 after a bug-fix release, however the OP didn't confirm whether the issue was fixed after the change.

In November 2023, a change was rolled out in 10.18.0 which addressed the DCErrorInvalidKey issue:

#11986

I've not seen any DCErrorInvalidKey issues in our logs, so it seems that fix worked, however it didn't seem to prevent the DCErrorInvalidInput issue I'm seeing. This issue is pretty critical for us; since we are currently blocking a sizeable minority of our users from creating accounts or making purchases.

Reproducing the issue

Unsure specifically what's causing the issue but rolling out AppCheck into production caught a large minority of users who have this issue.

Firebase SDK Version

10.23.0

Xcode Version

15.2

Installation Method

Swift Package Manager

Firebase Product(s)

App Check

Targeted Platforms

iOS

Relevant Log Output

nserror-domain:	
com.firebase.appCheck

NSLocalizedFailureReason:	
Failed to create a block of data that demonstrates the legitimacy of the app instance (`generateAssertion:clientDataHash:completionHandler:`); keyId.length = 44, clientDataHash.length = 32; DCErrorInvalidInput - An error code that indicates when your app provides data that isn’t formatted correctly.

NSUnderlyingError:	
Error Domain=com.apple.devicecheck.error Code=2 "(null)"

If using Swift Package Manager, the project's Package.resolved

No response

If using CocoaPods, the project's Podfile.lock

No response

[google-oss-bot]

I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.

[paulb777]

@jacobsapps Thanks for sharing the detailed issue report and analysis.

Are there any patterns on iOS version for the users that are seeing the issue?

[jacobsapps]

Hey @paulb777, it seems to be mostly iOS 17 users, but this isn't surprising as it's the latest version.

Full results here:
iOS 17.3.1 | 1826
iOS 17.4 | 398
iOS 16.7.5 | 224
iOS 17.4.1 | 142  
iOS 16.6.1 | 136
iOS 16.6 | 133  
iOS 16.7.6 | 114
iOS 16.3.1 | 95

Notably we target 15+ and found zero errors from them. Fairly even device distribution across iPhone models.

Noticed a couple issues were mentioned - #11264 is definitely experiencing the same issue (DCErrorInvalidInput), however the fix that was posted at the end of the thread only addressed the secondary problem (DCErrorInvalidKey)

Is this likely to be an AppCheck issue, or perhaps AppAttest itself on Apple's side?

Let me know anything more I can do to help debug the issue.

[paulb777]

Thanks for sharing @jacobsapps. It's looking more and more like an issue on Apple's side.

We've added additional error logging in a 10.18.2 version of AppCheckCore just published.

In addition to the iOS version, there may be a pattern in the clientDataHash's that fail.

[themtaysw]

Just to add +1 to this issue, I am experiencing the same issue since today afternoon.

LOG: Appcheck error: [Error: [appCheck/token-error] The operation couldn’t be completed. Failed to create a block of data that demonstrates the legitimacy of the app instance (`generateAssertion:clientDataHash:completionHandler:`); keyId.length = 44, clientDataHash.length = 32; DCErrorInvalidKey - An error caused by a failed attempt to use the App Attest key.]

for unknown reason the AppCheck stopped working for my project.

[paulb777]

@themtaysw As described above, the DCErrorInvalidKey error was addressed in the 10.18.0 release. If you're seeing that in a more recent Firebase version, please open another issue with the issue template completed.

[hassaan22]

Hi there, experiencing the same issue. I am not getting the DCErrorInvalidKey but I am getting the DCErrorInvalidInput. We are on v10.23.0 which is the latest release as of now.

Note, similar to above comments, our implementation was working fine for a while and recently started failing with this error:

The operation couldn’t be completed. Failed to attest the validity of the generated cryptographic key (`attestKey:clientDataHash:completionHandler:`); 
keyId.length = 44, clientDataHash.length = 32; 
DCErrorInvalidInput - An error code that indicates when your app provides data that isn’t formatted correctly."

This is a really big issue for our team and any insight or workarounds would be greatly appreciated (besides turning off the enforcement itself). It is breaking a whole set of major workflows that rely on a valid App Check token.

In the last 24 hours, we are seeing that our live app store build is getting:
~22% Failures
~78% Success
coming from Firebase App check, and most of these errors are returning the error message copied above DCErrorInvalidInput

This is from ~30k calls, so its a very broad sample size, so something is definitely going wrong here with the 22% failure rate.

[jacobsapps]

Thanks for all the responses so far. So from what I've gathered, this DCErrorInvalidInput issue has been a problem since at least May 2023, however it's possible that the frequency of this issue has increased.

You suspect it's an issue on Apple's side, and the recent Apple forums thread with the same issue has no response from Apple either.

At this stage, if the issue is on Apple's side, would you suggest is it reasonable to look for another provider which isn't a wrapper on App Attest / Device Check?

What has anyone else done?

[willnix86]

+1 on this issue. Affecting roughly 10% of our users. Following this issue for updates!

[IbrahimSam96]

We are experiencing same issue. Would be nice to get a solution

[JonatanLoop]

we seeing this issue in a reproducible way when a user is migrating to a new phone and restoring their apps/data, let me know if additional data can help you

[andrewheard]

we seeing this issue in a reproducible way when a user is migrating to a new phone and restoring their apps/data, let me know if additional data can help you

@JonatanLoop Would you mind sharing if your app is using Firebase 10.17 or newer? (since it included #11986)

Any additional failure details you can provide would be helpful in case there's another scenario that the fix didn't cover. Thanks!

[JonatanLoop]

@andrewheard we are using 10.22 the following scenario is reproducible for us every time.

1. User is logged in and is issued AppCheck and Firebase token on an iPhone
2. user acquires a new iPhone and onboards with the same Apple ID to the new iPhone, electing to "restore from iCloud" to the new device
3. on opening the app for the first time on the new phone, we get the following logs. All further app check tokens fails.
   When deleting the app from the new iPhone and reinstalling, the issue dissappears

2024-04-24 19:55:22.941 [App 58FF] [INFO] [AppLifecycleManager] sceneWillEnterForeground(_:) (AppLifecycleManager.swift,163): Lifecycle: sceneWillEnterForeground 1DEA954B-9469-47CD-A4D3-1290CAEFD5E0
2024-04-24 19:55:22.943 [App 58FF] [INFO] [AppLifecycleManager] sceneWillEnterForeground(_:) (AppLifecycleManager.swift,171): no current user while entering foreground
2024-04-24 19:55:22.956 [App 58FF] [INFO] [AppLifecycleManager] appWillEnterForeground() (AppLifecycleManager.swift,104): Lifecycle: appWillEnterForeground
2024-04-24 19:55:23.240 [App 58FF] [INFO] [AppLifecycleManager] sceneDidBecomeActive(_:) (AppLifecycleManager.swift,179): Lifecycle: sceneDidBecomeActive 1DEA954B-9469-47CD-A4D3-1290CAEFD5E0
2024-04-24 19:55:23.241 [App 58FF] [INFO] [ApplicationBadgeUpdater] sceneDidBecomeActive() (ApplicationBadgeUpdater.swift,38): Zeroing application badge - sceneDidBecomeActive
2024-04-24 19:55:23.241 [App 58FF] [INFO] [ApplicationBadgeUpdater] updateApplicationBadge(to:) (ApplicationBadgeUpdater.swift,30): Setting application badge count to 0
2024-04-24 19:55:23.244 [App 58FF] [INFO] [AppLifecycleManager] appDidBecomeActive() (AppLifecycleManager.swift,108): Lifecycle: appDidBecomeActive
2024-04-24 19:55:24.436 [App 58FF] [ERROR] [AuthUtils] getAppCheckToken(completion:) (AuthUtils.swift,23): Failed to get AppCheck token with error: Optional(Error Domain=com.firebase.appCheck Code=0 "Failed to attest the validity of the generated cryptographic key (`attestKey:clientDataHash:completionHandler:`); keyId.length = 44, clientDataHash.length = 32; DCErrorInvalidInput - An error code that indicates when your app provides data that isn’t formatted correctly." UserInfo={NSLocalizedFailureReason=Failed to attest the validity of the generated cryptographic key (`attestKey:clientDataHash:completionHandler:`); keyId.length = 44, clientDataHash.length = 32; DCErrorInvalidInput - An error code that indicates when your app provides data that isn’t formatted correctly., NSUnderlyingError=0x303f889c0 {Error Domain=com.apple.devicecheck.error Code=2 "(null)"}})

[jacobsapps]

Thanks for this @JonatanLoop, you're doing God's work 🙏

[JonatanLoop]

@paulb777 any update on where it stands after we provided reproduction steps? we'll be forced moving off Firebase if there is no good fix in place in a short term

[ncooke3]

Thanks for the repro case, @JonatanLoop. I had filed a feedback with Apple about this error and there are several causes, but one that seems to correspond with your report is that this error may appear when using a key ID that was attested from a previous installation of the app. That seems to explain why the delete and reinstall does the trick.

I believe a similar approach to #11986 may work where the key ID is reset when this error is encountered.

[ncooke3]

Hi everyone, I just released an update of a core dependency of Firebase App Check. The update should address this issue. The latest version of Firebase will pick up this point release. Please run pod update or update your Swift package workspace. If you're using the Firebase zip or carthage, the fix will be included in the Firebase 10.27 release.

[jacobsapps]

Thanks for picking this up @ncooke3; I'll update to 10.26.0 and report back if I notice anything wrong.

Out of interest, what was the root issue?

[SamC-Apadmi]

Is this fixed in 10.26.0 or are we waiting for a 10.27 release?

[ncooke3]

It's available now. The update was for a dependency of Firebase App Check and should be compatible with several of the recent versions of Firebase. Depending on whether you update via pod update or via SPM (up date to latest package versions), you should see AppCheckCore 10.19.1 in your workspace.

[ncooke3]

Example for SPM:

[ybrikeeg]

I'm on 10.26.0 and AppCheck 10.19.1 and am still getting logs that uninstalling then reinstalling the app is not 100% fixing the Failed to create a block of data that demonstrates the legitimacy of the app instance issue.

I have some reports that it is fixing it, however it's not for all users.

Anyone else?

cc @ncooke3