SecurityException - GoogleCertificatesRslt: not allowed

Question

We have an app with some million users. Over the past week we have gotten around 30 "velocity alerts" from Firebase Crashlytics from older versions of the app with error messages like this:

Fatal Exception: java.lang.SecurityException
GoogleCertificatesRslt: not allowed: pkg=com.example.app, sha1=<sha1 redacted>, atk=false, ver=203914019.true (go/gsrlt)
android.os.Parcel.readException (Parcel.java:1959)
android.os.Parcel.readException (Parcel.java:1905)
com.google.android.gms.common.internal.s.r (s.java:37)
com.google.android.gms.common.internal.W.u (W.java:90)
com.google.android.gms.common.api.internal.At.q (At.java:17)
com.google.android.gms.common.api.internal.rt.run (rt.java:5)
java.util.concurrent.Executors$RunnableAdapter.call (Executors.java:457)
java.util.concurrent.FutureTask.run (FutureTask.java:266)
java.util.concurrent.ThreadPoolExecutor.runWorker (ThreadPoolExecutor.java:1162)
java.util.concurrent.ThreadPoolExecutor$Worker.run (ThreadPoolExecutor.java:636)
com.google.android.gms.internal.ef.run (ef.java:6)
java.lang.Thread.run (Thread.java:764)

It isn't impacting that many users, maybe a few hundreds to a thousand. Normally we wouldn't really notice that small a problem, but because it seems to happen over and over again for those users we have gotten all those velocity alerts - making it more apparent.

Why is this happening? The stacktraces varies a bit, but it does look like it's related to Google's GMS.

Is there anything we or our users can do to avoid it?

The issue seem to be spread out among Android versions and device vendors.

Answer 1

This was an issue in Google Play services as confirmed from someone in dev relations. A fix was rolled out for this on 2nd Oct and we should see a decreasing trend for this as more devices auto update to the latest version(20.39.15).

Answer 2

If anyone still having this error using play-services-maps using MapView, not fragment implementation, you could try when initialise to add this code:

MapsInitializer.initialize(context, MapsInitializer.Renderer.LATEST, listener)

Google started to progressively update default render since June 2022 and this maybe could crash using MapsInitializer.Render.LEGACY. In my case, it does.

Annoying, but works. More details here.