The following are the causes of it:
RSA has variable length signatures, depending on the key size.
Google updated the key pairs it uses for signing, and now one of the key pairs generates a different length signature from the other
java.security.Signature.verify(byte[] signature) throws an exception if a signature of the wrong length is passed (instead of returning false which is normally done when a signature does not match the key)
For me the solution was to wrap the verify call (try...catch), and return false instead. You could also do an early check on the public key yourself, checking if the length of the signature matches the length of the public key modulus.
If you use a library to check the signature, make sure you use the latest version.
Looking at the example code on http://android-developers.blogspot.nl/2013/01/verifying-back-end-calls-from-android.html, you would have to change this:
GoogleIdToken token = GoogleIdToken.parse(mJFactory, tokenString);
to
JsonWebSignature jws = JsonWebSignature.parser(mJFactory).setPayloadClass(Payload.class).parse(tokenString);
GoogleIdToken token = new GoogleIdToken(jws.getHeader(), (Payload) jws.getPayload(), jws.getSignatureBytes(), jws.getSignedContentBytes()) {
public boolean verify(GoogleIdTokenVerifier verifier)
throws GeneralSecurityException, IOException {
try {
return verifier.verify(this);
} catch (java.security.SignatureException e) {
return false;
}
}
};
I, unfortunately, don't have an exact setup to test this.
For those using Google Cloud Endpoint, like the question states, I think there was very little you could do except wait until Google fixes it. Luckily it's fixed now.