Firebase Config Scanner

Detect Firebase and Play Integrity / App Check components bundled in an APK. (Detection only — it can't prove server-side enforcement.)

Deleted after your scan. Files you upload are processed on our servers over an encrypted connection, then removed by the next hourly cleanup after analysis finishes (long scans are protected while they run). We never share them, and need no account.

About Firebase Config Scanner

Firebase Config Scanner is part of APKLint’s security & malware toolkit, which finds risky behavior, trackers, and suspicious patterns. It’s free to use and needs no account.

Your privacy is the default: files you upload are processed on our servers over an encrypted connection and permanently deleted by a scheduled hourly cleanup after analysis finishes, and never shared.

What Firebase Config Scanner checks

  • Firebase SDK components present in the APK
  • Play Integrity / App Check components
  • Other Firebase services (Messaging, Crashlytics, Analytics)
  • Whether attestation libraries are bundled

Good to know: Detection only. Bundled App Check libraries don't prove the backend actually enforces attestation.
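
The kind of presence check listed above, as an added example that is not APKLint's own code: it looks in each classes*.dex for SDK package prefixes in class-descriptor form. It assumes a raw byte search instead of androguard parsing, and the sample APK and the component labels are constructed for the demonstration.

```python
import io
import zipfile

# Package prefixes in DEX class-descriptor form (L<package path>/).
# The labels on the left are assumptions made for this example.
SIGNATURES = {
    "Firebase core": b"Lcom/google/firebase/FirebaseApp;",
    "Firebase App Check": b"Lcom/google/firebase/appcheck/",
    "App Check Play Integrity provider": b"Lcom/google/firebase/appcheck/playintegrity/",
    "Play Integrity API": b"Lcom/google/android/play/core/integrity/",
    "Firebase Messaging": b"Lcom/google/firebase/messaging/",
    "Firebase Crashlytics": b"Lcom/google/firebase/crashlytics/",
    "Firebase Analytics": b"Lcom/google/firebase/analytics/",
}


def scan_apk(apk):
    """Return {component: [dex files that reference it]} for a path or file object."""
    found = {}
    with zipfile.ZipFile(apk) as zf:
        for name in zf.namelist():
            # Multidex apps ship classes.dex, classes2.dex, ... at the archive root.
            if not (name.startswith("classes") and name.endswith(".dex")):
                continue
            data = zf.read(name)
            for label, needle in SIGNATURES.items():
                if needle in data:
                    found.setdefault(label, []).append(name)
    return found


def build_sample_apk():
    """Constructed stand-in for an APK: a zip whose 'dex' entries hold only descriptor strings."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"dex\n035\x00" + b"Lcom/google/firebase/FirebaseApp;\x00"
                    b"Lcom/google/firebase/messaging/FirebaseMessagingService;\x00")
        zf.writestr("classes2.dex", b"dex\n035\x00"
                    b"Lcom/google/firebase/appcheck/playintegrity/PlayIntegrityAppCheckProviderFactory;\x00")
        zf.writestr("assets/notes.txt", b"Lcom/google/firebase/crashlytics/ mentioned outside DEX")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for component, files in sorted(scan_apk(build_sample_apk()).items()):
        print(f"{component}: {', '.join(files)}")
    # Presence only: nothing here shows whether the backend enforces App Check.
```

The Crashlytics string in assets/notes.txt is not reported, because only DEX entries are inspected.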

When to use Firebase Config Scanner

  • Best for: detecting Firebase and Play Integrity / App Check components bundled in an APK.
  • Not the right tool for: configuration validation or backend checks; it is detection only.
  • What you get back: which Firebase and App Check / Play Integrity components are present in the app.
  • How it differs from related APKLint tools: it is a focused presence detector, unlike the broad analyzers that inventory everything.
  • Limitations: detection on the client side only; it cannot verify server-side enforcement.

How to use Firebase Config Scanner

  1. Choose your APK file — Drop an .apk file onto the page, or click to select it from your device.
  2. Send securely — The file is uploaded over an encrypted connection to our analysis servers.
  3. Read your report — APKLint unpacks and inspects the package and lays out the results on screen.
  4. Your file is removed — It's deleted by an hourly cleanup job after analysis finishes.

Why use APKLint

Always free

Every tool is free with no login and no paywall. Reasonable file and input limits keep the free service stable.

No on-page ad banners

A clean, focused interface with no third-party ad banners cluttering your results.

Privacy-first

Files you upload are deleted by a scheduled hourly cleanup after analysis finishes, and never shared.

Open-source engines

Uses androguard DEX, class, and string inspection to detect SDK and API references.

No sign-up

Start immediately — no account, login, or email required.

Works anywhere

Runs in any modern browser, on desktop or mobile.

Frequently asked questions

What does Firebase Config Scanner do?

Detect Firebase and Play Integrity / App Check components bundled in an APK. (Detection only — it can't prove server-side enforcement.)

Can it confirm App Check is enforced?

No. It can confirm the components are bundled in the app, but enforcement happens server-side and can't be verified from the APK.

Is it free to use?

Yes. Every tool on APKLint is completely free, with no sign-up and no account.

How is my data handled?

Your uploaded file and its result are processed on our servers over an encrypted connection, then removed by the next hourly cleanup after analysis finishes. We never share them.

What files can I send?

An Android APK — a .apk file — up to 1 GB.
