The following document :
https://developers.google.com/identity/sms-retriever/verify
states that for computing App's hash string we can use AppSignatureHelper class from the SMS retriever sample app. It adds , "However, if you use the helper class, be sure to remove it from your app after you get the hash string. Do not use hash strings dynamically computed on the client in your verification messages."
My doubt is, Will there be any security issues if we retain it in production ?