Live app blocked: "Requested entity already exists" — Android OAuth client reserved by a suspended project

Hi Cloud Foundations team,

I’m hoping a community manager can help escalate this internally, as it’s breaking Google Sign-In for the live, paying users of my published Android app and I’ve been unable to resolve it through normal channels.

The problem
I cannot create the Android OAuth 2.0 client my app needs in my active project, because the package name + SHA-1 is still reserved by a different project that Google suspended. Creating the client returns 409 “Requested entity already exists,” with tracking number c1245978817386470, and on-device users get ApiException: 12500 (sign-in failed).

Details

  • App (live on Google Play): HSA Hoard, package com.downgatelabsllc.hsahoard
  • Active project (where I need the client): HSA Hoard Production, project number 486697594093
  • Suspended project holding the reservation: hsa-hoard
  • SHA-1 fingerprints involved:
    • Play App Signing (legacy): 44:55:10:3A:6D:7D:AB:69:EE:61:7F:C6:C0:2A:BF:11:6B:4A:9C:94
    • Play App Signing (new): C6:6E:01:41:70:45:62:E2:8D:54:AB:80:03:46:5A:E1:F2:B8:55:FD
    • Upload key: B4:A0:D9:51:28:7E:D1:68:98:DE:3C:65:6B:78:BD:5C:8E:40:72:31

Background
Project hsa-hoard was suspended around May 24, 2026 for “suspicious activity.” I believe this was a false positive triggered by legitimate RevenueCat/Play Console pricing changes made via service account revenuecat-access@hsa-hoard.iam.gserviceaccount.com in the 12 hours before the alert. I submitted an appeal on May 25, 2026 and have had no response in ~6 weeks. I’ve since migrated all other services (Gemini APIs, etc.) to project 486697594093 successfully — only Google Sign-In is blocked, because its OAuth client is locked in the suspended project I can no longer access.

What I’ve tried

  • Creating the Android OAuth client in the new project → blocked by the 409 above.
  • A browser-based (AppAuth/PKCE) flow as a workaround → still fails, suggesting the OAuth/consent config tied to the suspended project is also implicated.
  • Sending follow-up emails and multiple appeals.
  • Deleting the old project in the hope that it would free up the reserved SHA-1 key.

What would resolve it (either one)

  1. Release the orphaned Android OAuth client reservation for package com.downgatelabsllc.hsahoard (the SHA-1s above), so I can register the client in project 486697594093; or
  2. Escalate the hsa-hoard suspension appeal to Trust & Safety for review/reinstatement so that I can remove the Android OAuth client myself.

Happy to provide any ownership verification or logs needed. This affects paying users every day and has stopped growth in its tracks, so any help getting it in front of the right team is hugely appreciated.
