Important: Starting May 1, 2024, Apple requires privacy manifests and signatures for iOS apps that use commonly used SDKs, including GoogleSignIn-iOS. Upgrade to GoogleSignIn-iOS v7.1.0 or later before May 1, 2024. Follow our upgrade guide.
Monitor App Check request metrics
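After you add the App Check library to your app, but before you enable App Check enforcement, you should make sure that doing so won't disrupt your existing legitimate users.
An important tool for making this decision is App Check request metrics. You can monitor App Check metrics in the Google API Console or the Firebase console.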
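Monitor metrics in the Google API Console
To view metrics for your iOS OAuth client, go to the Credentials page and open the edit view of the client. There, you will see metrics on the right side of the page under the Google Identity for iOS section. These are your App Check request metrics, and they include the following information:
- Number of verified requests - requests that have a valid App Check token. After you enable App Check enforcement, only requests in this category will succeed.
- Number of unverified requests: likely outdated client requests - requests missing an App Check token; these requests may be from an older version of your app that doesn't include an App Check implementation.
- Number of unverified requests: unknown origin requests - requests missing an App Check token that don't look like they are coming from your app.
- Number of unverified requests: invalid requests - requests with an invalid App Check token, which may be from an inauthentic client attempting to impersonate your app, or from emulated environments.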
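Monitor metrics in the Firebase console
You can view metrics for your project as a whole, or for individual OAuth clients:
- To view the App Check request metrics for your project, open the App Check section of the Firebase console and expand the Google Identity for iOS section.
- To view the App Check request metrics for a specific OAuth client, open the OAuth clients page of the Firebase console and expand the section corresponding to the client.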
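The request metrics are broken down into four categories:
- Verified requests are those that have a valid App Check token. After you enable App Check enforcement, only requests in this category will succeed.
- Outdated client requests are those that are missing an App Check token. These requests might come from an older version of the Firebase SDK, from before App Check was included in the app.
- Unknown origin requests are those that are missing an App Check token and don't look like they come from the Firebase SDK. These might be requests made with stolen API keys or forged requests made without the Firebase SDK.
- Invalid requests are those that have an invalid App Check token, which might be from an inauthentic client attempting to impersonate your app, or from emulated environments.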
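The distribution of these categories for your app should inform when you decide to enable enforcement. Here are some guidelines:
- If almost all of the recent requests are from verified clients, consider enabling enforcement to start protecting your auth endpoints.
- If a significant portion of the recent requests are from likely-outdated clients, consider waiting for more users to update your app before enabling enforcement, to avoid disrupting users. Enforcing App Check on a released app will break prior app versions that are not integrated with the App Check SDK.
- If your app hasn't launched yet, you should enable App Check enforcement immediately, since there aren't any outdated clients in use.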
Next steps
When you understand how App Check will affect your users and you're ready to proceed, you can enable App Check enforcement.
Last updated (UTC): 2025-08-31.