Purpose of Android/Firebase Debug signing certificate SHA-1

Question

The latest Firebase Cloud Messaging panel has an optional Debug signing certificate SHA-1 field when registering a new app. The form states that the certificate is:

Required for Dynamic Links, Invites, and Google Sign-In support in Auth. Edit SHA-1s in Settings.

There are many online resources (example) on how to get the certificate, but I could not find a proper explanation about its purpose, what is the difference between release and debug, and why Firebase takes only for the latter.

What is the purpose of the SHA-1 certificate, and what are the differences between the release and debug versions?

Answer 1

As I understand, certain Google Play services (e.g. Google Sign-in) require providing the SHA1 fingerprint of the certificate used to sign the app. When developing an app using Android Studio, the IDE creates a self-signed debug certificate which is used to sign the app in development. You need to register the fingerprint of this certificate with Firebase console in order to access Google Play services.

You can find more info in the following articles:

• https://developers.google.com/android/guides/client-auth
• https://developer.android.com/studio/publish/app-signing.html