How to use AppCheck

[topperspal]

I need to restrict access to Supabase only from my android app using signing key or some other solution.
In firebase or NodeJS apps I use AppCheck but please let me know how I can make some sort of restrictions using supabase.

If there is no functionality then please let us know how we can use AppCheck with Supabase

[kiwicopple]

Dropping this here for future investigation:
https://firebase.google.com/docs/app-check

I don't know how to use App Check with Supabase (tbh I've not used App Check yet). If anyone is able to help with an initial investigation that would be very much appreciated!

[anggoran]

I think this should be "new feature" and prioritized (?). AppCheck along with RLS authorization will help preventing abuse of database and functions usage from malicious user and an app that isn't authentic. For instance from what I know, mischevious web/app use our authentic login just to imitate that we authentically provide the login, then the web/app require a credit card, and users don't know and input theirs (correct me if i'm wrong please)

[MildTomato]

Moved to 'ideas' in our discussions board

[kiwicopple]

We're working on several security enhancements right now. They won't be using AppCheck - I'm not too sure if that's even feasible with Supabase. Instead they will be natively built in to every project - allow/ban-listing IPs, security reports and checklists, firewalls, custom API keys, etc. (DDoS protection is already available)

[topperspal]

Allow/ban IPs can help in website only, what about mobile apps where we need to allow every IP address.

As far as I know, firebase app check for android uses sha key to validate the app original app.

[leohxj]

maybe supabase can add some setting, like Sentry, support set the access-allow domain.

[arya-coding]

No update on this ?