Some Firebase Android SDKs depend on Google Play services, which means they will only run on devices and emulators with Google Play services installed. These Firebase SDKs communicate with the Google Play services background service on the device to provide a secure, up-to-date, and lightweight API to your app.

Certain Android devices do not have Google Play services installed. Previously, this meant developers had to make use of work-arounds to be able to be able to use these Firebase SDKs on such devices.

Today, we are pleased to announce that as of version 20.0.0 of the Firebase Authentication Android SDK (which is included in version 26.0.0 of the Firebase Android BoM), Firebase Authentication no longer depends on Google Play services. This means it is now easy to securely access Firebase products like Cloud Firestore, Realtime Database, and Cloud Storage from any Android device.

So what does this mean for you?

Firebase handles all of this behind the scenes, so you won't have to make any changes to your code base. All you have to do is to update your Gradle dependencies to the latest version (26.0.0) of the Firebase Android BoM, recompile, and you're good to go.

dependencies {
  // ...

  // Import the Firebase BoM
  implementation platform('com.google.firebase:firebase-bom:26.0.0')

  // When using the BoM, you don't specify versions in Firebase library dependencies

  // For example, declare the dependencies for Firebase Authentication and Cloud Firestore
  implementation 'com.google.firebase:firebase-auth'
  implementation 'com.google.firebase:firebase-firestore'
} 

In case you've used a workaround to be able to use Firebase Auth on non-GMS devices, you can now remove this workaround from your app.

In order to remove the dependency on Google Play services without compromising security, the new version of the Firebase Authentication SDK for Android made some changes to Phone Number Authentication. In particular, Firebase must be able to verify that phone number sign-in requests are coming from your app. On devices with Google Play services installed, Firebase will use Android SafetyNet to establish the device as legitimate. If your app makes use of Phone Number Authentication, you should enable the SafetyNet API. In the event that SafetyNet cannot be used (for example, on devices without Google Play services), Firebase will use reCAPTCHA verification to complete the phone sign-in flow.

It is worth noting that the reCAPTCHA flow will only be triggered when SafetyNet is not available or the user's device doesn't pass suspicion checks. Nonetheless, you should ensure that both scenarios are working correctly. For example, you can call FirebaseAuth.getInstance().getFirebaseAuthSettings().forceRecaptchaFlowForTesting(); in your tests to force the reCAPTCHA flow. For more detail about testing, refer to the documentation, which goes into much more detail.

For a complete list of Firebase SDKs that require Google Play services, refer to this overview.

If you have feedback or want to contribute, you can find us on GitHub.