Google Sign-In Fails on APK – Structural SHA-1 Mismatch, No User Control

I generated the correct production SHA keys using Android Studio

I registered this key in Firebase → Project Settings → Android App.
I removed outdated SHA keys.
OAuth/Web Client ID/Auth Provider are correctly set up.
However, FlutterFlow does not allow uploading google-services.json, so I can't control the Firebase link myself.

Confirmed Root Cause

• FlutterFlow automatically injects hidden SHA-1 keys into Firebase.

• These are not visible to users and reappear even after being deleted.

• This creates a mismatch:
  → My APK is signed with my SHA-1, but
  → Firebase recognizes only the FlutterFlow-injected SHA-1, not mine.

What’s Broken in the System

• No way to view which SHA-1 FlutterFlow is using

• Cannot upload or override google-services.json

• Cannot manually set signing keys

• Build → View Signing Info is missing — even for Pro users

✅ This is not a misconfiguration on my side. Everything works perfectly in Run Mode & Web.
❌ It fails only in the APK, because of a system-level SHA mismatch I cannot fix

Customer Support Response

I contacted support several times and only received repeated Firebase setup steps like:

"Register SHA-1 → download JSON → configure OAuth → test again..."

But I've done all of this 10+ times.
This is not a setup problem — it's a hidden signing issue I cannot control or see.

🙏 Calling All FlutterFlow Users

This is beyond documentation — I need your real-world knowledge.

Have you ever fixed this?

• How did you solve Google Sign-In failing on APK builds?

• Did you manage to override or resign APKs externally?

• Did you find a workaround for the hidden SHA keys?

Even a small tip or suggestion would help.
I'm blocked from production, and FlutterFlow gives no path to resolve this from the user's side

🔐 Due to security reasons, I have not attached screenshots of SHA keys or Firebase config,

but I’m happy to provide them privately to the FlutterFlow team if needed.