If your React Native app signs users in correctly with Firebase Auth, but Firestore suddenly starts throwing:
permission-denied
...especially after enabling Firebase App Check with Play Integrity on Android, this can be very misleading.
That was exactly the situation I ran into.
At first, it looked like a Firestore rules issue. But the rules were fine. Auth was also working. The real problem was deeper: App Check was enabled, but it was not actually installed and initialized correctly on the native Android side.
This post is a practical breakdown of what happened, what made this error confusing, and what I would check first if I hit it again.
The symptom
The setup looked normal on the surface:
- Firebase Auth was working
- the user was signed in
- Firestore rules looked correct
- the app worked differently depending on environment
- after enabling App Check / Play Integrity, Firestore requests started failing with permission-denied
That error pushes me toward checking security rules first, which makes sense. But in this case, the problem was not the rules themselves.
Why this error is confusing
permission-denied in Firebase can come from multiple places:
- Firestore or Storage security rules
- missing authentication
- wrong Firebase project configuration
- App Check rejecting requests
- release-only Android setup issues
So even though the error message sounds specific, it is not always pointing to the real root cause.
What the real issue was
In my case, App Check was enabled, but it was not actually installed natively in the Android app.
That meant Firestore requests were being blocked when enforcement was on, even though the JavaScript side looked fine and Auth was working.
The critical fix was making sure App Check was installed properly on the native Android side, not just assumed to be active.
What I would check first
If you are getting permission-denied after enabling App Check in a React Native Android app, I would check these in order.
1. Confirm it is not just a Firestore rules issue
As a quick test, temporarily loosen the relevant Firestore rule in a safe test environment to confirm whether the issue is actually caused by rules.
If the issue still persists in the same way, that is a strong signal that you are dealing with something else.
Important: revert this immediately after testing.
2. Make sure the user is really authenticated before the Firestore call
Even if Firebase Auth works in general, the exact Firestore request may still happen before auth state is ready.
I would verify:
- the current user is not null
- the Firestore request runs only after auth initialization completes
- the affected collection/document is actually covered by your intended rules
3. Check whether App Check is enabled but not installed correctly
This was the biggest one for me.
If App Check enforcement is ON, but the Android native side is not properly set up, Firestore requests can fail in a way that looks like a rules or permission issue.
That means checking the native Android integration carefully, not just the JS layer.
4. Verify the SHA-256 fingerprint in Firebase
If you are using Play Integrity, you also need to verify that the correct SHA-256 fingerprint is registered in Firebase.
This is easy to get wrong, especially if there is confusion between:
- upload key
- app signing key
- debug/release fingerprints
If the wrong one is configured, App Check validation can break even though other parts of the app seem fine.
5. Test with logs instead of guessing
This is one of the biggest lessons from the whole issue.
When debugging App Check / release-only behavior, I would rely on logs much more than assumptions.
In particular, Android logs can help confirm whether App Check is actually active and whether requests are being blocked for reasons that the UI error does not explain clearly.
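The auth-timing and App Check checks above can be wired into a preflight that runs before the Firestore call and names the layer that is not ready. This is an added example, not code from the original post: it assumes React Native Firebase-style `auth` and `appCheck` instances (with `onAuthStateChanged` and `getToken(forceRefresh)`) are passed in, and `waitForAuthReady`, `preflight` and `guardedRead` are hypothetical helper names.

```javascript
// Added example: `auth` and `appCheck` are assumed React Native Firebase-style instances.
// Resolve with the user once the first auth state event arrives (null = signed out).
function waitForAuthReady(auth, timeoutMs = 5000) {
  return new Promise((resolve, reject) => {
    let unsubscribe = () => {};
    const timer = setTimeout(() => {
      unsubscribe();
      reject(new Error('auth state not reported in time'));
    }, timeoutMs);
    unsubscribe = auth.onAuthStateChanged((user) => {
      clearTimeout(timer);
      // Defer so `unsubscribe` is assigned even if the listener fires synchronously.
      Promise.resolve().then(() => unsubscribe());
      resolve(user);
    });
  });
}

// Returns { ok, layer, detail } naming the first layer that is not ready.
async function preflight(auth, appCheck) {
  let user;
  try {
    user = await waitForAuthReady(auth);
  } catch (err) {
    return { ok: false, layer: 'auth-timing', detail: err.message };
  }
  if (!user) return { ok: false, layer: 'auth', detail: 'no signed-in user' };
  try {
    // Force a fresh token so a cached one cannot hide a provider that is not installed.
    const result = await appCheck.getToken(true);
    if (!result || !result.token) return { ok: false, layer: 'app-check', detail: 'empty App Check token' };
  } catch (err) {
    return { ok: false, layer: 'app-check', detail: String(err.message || err) };
  }
  return { ok: true, layer: null, detail: 'auth and App Check ready' };
}

// Run a Firestore read; on failure report the suspect layer instead of assuming rules.
async function guardedRead(auth, appCheck, readFn) {
  const check = await preflight(auth, appCheck);
  if (!check.ok) return { data: null, suspect: check.layer, detail: check.detail };
  try {
    return { data: await readFn(), suspect: null, detail: 'ok' };
  } catch (err) {
    const denied = String(err.code || '').endsWith('permission-denied');
    return { data: null, suspect: denied ? 'rules-or-config' : 'other', detail: String(err.message || err) };
  }
}
```

Logging the returned `suspect` and `detail` in a release build gives a concrete signal for the log-based debugging in step 5.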
The main lesson
The biggest mistake I could have made was assuming:
- Auth works, so Firebase setup must be fine
- rules look correct, so the problem must be somewhere else
- JS setup is enough for App Check
In reality, App Check can be the hidden layer that breaks Firestore access while making the error look like a permissions problem.
My practical rule now
When I see this combination:
- React Native Android
- Firebase Auth works
- Firestore throws permission-denied
- App Check / Play Integrity was recently enabled
...I immediately treat App Check native setup as one of the first suspects.
That saves a lot of time.
I built a small helper for this kind of issue
While debugging these kinds of React Native / Firebase / Android problems, I built a small free error helper here:
https://fixmyrnerror.onhercules.app
It is meant to help narrow down likely causes faster.
Final takeaway
If you are stuck on permission-denied, do not assume it is only a Firestore rules problem.
Check:
- rules
- auth timing
- App Check native setup
- SHA-256 configuration
- release-specific Android differences
That combination is where the real issue may be hiding.