While testing a mobile app in the staging environment against a test reCAPTCHA iOS key we got this error response when attempting to initialize:

Only one site key can be used per runtime. The site key you provided **** is different than ****

In particular, we are sending the staging site key but it is saying it doesn't match the production site key. I can't find any documentation regarding this but I suspect that the reCAPTCHA SDK sends along the application's ID (iOS bundle or Android APK package name) and if there is already an associated site key that has been used for it only that site key is allowed to be used by that application. This would mean that to successfully use test keys in lower environments we are forced to build variants of the applications for that purpose, which could be identified as distinct from the production version of the applications.

Is this correct? Moreover, does this apply to web applications as well owing to the origin domain of calls to initialize reCAPTCHA? Or if not, I'd appreciate any clarification on the matter. Thanks!