
[CLOUD_FUNCTIONS]: Cloud Functions not executed due to App Check "invalid" token issue #2950

@silvialoyapp


Previous report suggested contacting here: firebase/flutterfire#17540 (comment)

Which plugins are affected?
App Check

Which platforms are affected?
Android

Description
Hi!

I use many cloud functions (onCall) in my project and all worked perfectly until the update to Flutter 3.32.4. (I use FlutterFlow)

Context: I don't have my app registered in App Check (and, of course, not enforced) and I don't want to use App Check at all.

Before: the app validation was "missing" (and the cloud function was executed)
Now: the app validation is "invalid" (and the cloud function is NOT executed)
The log error that I receive is the following:

Failed to validate AppCheck token. FirebaseAppCheckError: Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.
at FirebaseAppCheckError.FirebaseError [as constructor] (/workspace/node_modules/firebase-admin/lib/utils/error.js:44:28)
at FirebaseAppCheckError.PrefixedFirebaseError [as constructor] (/workspace/node_modules/firebase-admin/lib/utils/error.js:90:28)
at new FirebaseAppCheckError (/workspace/node_modules/firebase-admin/lib/app-check/app-check-api-client-internal.js:187:28)
at /workspace/node_modules/firebase-admin/lib/app-check/token-verifier.js:82:19
at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
errorInfo: {
code: 'app-check/invalid-argument',
message: 'Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.'
},
codePrefix: 'app-check'
}

Callable request verification failed: AppCheck token was rejected.

Where is it failing?
- Android apps deployed to Google Play (internal test)
- Downloaded .apks
- NOTE: Cloud Functions work in web and in iOS apps deployed to App Store, the app is set as "missing" there (as expected)

Reproducing the issue
When I trigger an onCall cloud function, the console returns this log error: "Callable request verification failed: AppCheck token was rejected" and the function is not executed.

Firebase Core version
3.14.0

Flutter Version
3.32.4

Relevant Log Output
Failed to validate AppCheck token. FirebaseAppCheckError: Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.
at FirebaseAppCheckError.FirebaseError [as constructor] (/workspace/node_modules/firebase-admin/lib/utils/error.js:44:28)
at FirebaseAppCheckError.PrefixedFirebaseError [as constructor] (/workspace/node_modules/firebase-admin/lib/utils/error.js:90:28)
at new FirebaseAppCheckError (/workspace/node_modules/firebase-admin/lib/app-check/app-check-api-client-internal.js:187:28)
at /workspace/node_modules/firebase-admin/lib/app-check/token-verifier.js:82:19
at process.processTicksAndRejections (node:internal/process/task_queues:95:5) {
errorInfo: {
code: 'app-check/invalid-argument',
message: 'Decoding App Check token failed. Make sure you passed the entire string JWT which represents the Firebase App Check token.'
},
codePrefix: 'app-check'
}

Callable request verification failed: AppCheck token was rejected.

Flutter dependencies
The ones of the last FlutterFlow update, see here: https://www.notion.so/flutterflow/FlutterFlow-Migration-Guide-211aa0c0617980f88209f4af67d7b019

Additional context and comments
I followed these steps carefully and they didn't solve the problem:

1. Extract Fingerprints from the New, Failing APK:
   - Ensure you are using the SHA-1 (and ideally SHA-256) fingerprints from the APK you downloaded after the FlutterFlow update (the one that is currently failing). It's crucial that these match what FlutterFlow is signing your new builds with.
   - (As discussed before: rename .apk to .zip, extract, go to META-INF, use keytool -printcert -file CERT.RSA).

2. Register Your Android App in Firebase App Check (Carefully):
   - Go to your Firebase Console -> App Check -> Apps tab.
   - If you have any existing Android app entries for this project, consider deleting them and starting fresh to avoid confusion.
   - Click "Add app" (Android icon).
   - Package Name: Copy-paste the exact package name from your FlutterFlow project (Settings (gear icon) -> General -> Package Name). It must be perfect.
   - SHA-1 Certificate Fingerprint: Paste the SHA-1 you extracted from the new, failing APK.
   - SHA-256 Certificate Fingerprint (Optional but Recommended): Also add the SHA-256 from the same APK.
   - Choose Provider: For Android, select Play Integrity API. This is the modern, robust choice. Follow any instructions it gives you regarding linking to Google Play Console. If you don't plan to use Google Play Console, you might temporarily use SafetyNet Attestation API instead, but Play Integrity is the future.
   - Do NOT click "Enforce" after registering. Just register the app.

3. Wait for Propagation:
   - After adding the app and its fingerprints, wait at least 15-30 minutes for the changes to propagate across Firebase's systems.

4. Re-download APK from FlutterFlow:
   - Once you've waited, go back to FlutterFlow.
   - Perform a Clear Cache browser & Download APK from the menu. This ensures FlutterFlow builds your app with the updated configuration in mind and you get a fresh APK.
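
The report above distinguishes a request with no App Check token ("missing") from one whose token fails to decode ("invalid"). The following is an added diagnostic example, not part of the original issue or of firebase-admin: it classifies the raw header value without verifying it, so a log line can show which case a client is in. It assumes the token arrives in the `X-Firebase-AppCheck` request header; the function names and sample values are constructed for illustration.

```javascript
// Added example: classify an App Check header for logging only.
// It never verifies a signature; verification stays with the Admin SDK.
const APP_CHECK_HEADER = 'x-firebase-appcheck'; // assumption: Node lower-cases header names

// A JWT segment is base64url-encoded JSON; return null if either layer fails.
function decodeSegment(segment) {
  if (!/^[A-Za-z0-9_-]+$/.test(segment)) return null;
  try {
    const value = JSON.parse(Buffer.from(segment, 'base64url').toString('utf8'));
    return value !== null && typeof value === 'object' ? value : null;
  } catch (err) {
    return null;
  }
}

function classifyAppCheckHeader(headers) {
  const raw = headers[APP_CHECK_HEADER];
  if (raw === undefined || raw === '') return { state: 'missing' };

  const segments = String(raw).split('.');
  if (segments.length !== 3) {
    // This is the shape that produces a "Decoding App Check token failed" error.
    return { state: 'malformed', reason: `expected 3 JWT segments, got ${segments.length}` };
  }
  const header = decodeSegment(segments[0]);
  const payload = decodeSegment(segments[1]);
  if (!header || !payload) {
    return { state: 'malformed', reason: 'header or payload is not base64url JSON' };
  }
  // Decodable only means well-formed; log metadata, never the token itself.
  return { state: 'decodable', alg: header.alg, subject: payload.sub, expires: payload.exp };
}

// Constructed sample token (not a real App Check token; the signature is filler).
const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const SAMPLE_JWT = [
  b64({ alg: 'RS256', typ: 'JWT' }),
  b64({ sub: 'constructed-app-id', exp: 1700000000 }),
  'c2lnbmF0dXJl',
].join('.');

console.log(classifyAppCheckHeader({}));
console.log(classifyAppCheckHeader({ [APP_CHECK_HEADER]: 'not-a-jwt' }));
console.log(classifyAppCheckHeader({ [APP_CHECK_HEADER]: SAMPLE_JWT }));
```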
