Downloaded 12 times
Uploaded bySana Rahim
Google SafetyNet API
The document discusses the SafetyNet API, a security service for Android that includes various components to ensure app safety, such as attestation and safe browsing. It highlights concerns about app modification, deployment on rooted devices, and malicious traffic. Developers can utilize the SafetyNet Attestation API to verify device compatibility and ensure their app functions as intended.
![Carlos García - Pentesting Active Directory Forests [rooted2019]](https://cdn.slidesharecdn.com/ss_thumbnails/carlosgarcia-rooted2019-pentestingactivedirectoryforests-public-190403185357-thumbnail.jpg?width=640&height=640&fit=bounds)
![[Hun][Hackersuli] Duck off Google - Android security](https://cdn.slidesharecdn.com/ss_thumbnails/duckoffgoogle-hekkersuliamilement-251001135040-d8f037a4-thumbnail.jpg?width=640&height=640&fit=bounds)
Google SafetyNet API
- 1.
- 2. Been developers…. What ifSomeone Modify your app?? What If your app is deployed on Rooted device? What if from you're app threated website are surfed? What if your app has Malicious Traffic???
- 3. Safety Net API SafetyNet is the brand name for security services on Android. Safety Net API is part of the Google Play services released in version 7.0. Designed to be run on any Android device (with Google Play). independent from device manufacturer
- 4. Safety Net Consists… SafetyNet Attestation API Safety Net Safe Browsing API Safety Net reCAPTCHAAPI Safety app verification API
- 5. Safety Net AttestationAPI The Safety Net attestation API is a Google Play Services API that any developer can use in order to gain a degree of assurance that the device their application is running on is “CTS compatible.” This analysis can help you determine if your app will work as expected on the device where it is installed. The service evaluates both software and hardware characteristics of the device.
- 6. Obtaining API Key Googleconsole
- 12.
- 13.
- 14. Add Generated keyto Strings xml file
- 15. Set connection toGoogle Play Service
- 16.
- 17.
- 18.
Editor's Notes
- #3 The SafetyNet Attestation API helps you assess the security and compatibility of the Android environments in which your apps run. You can use this API to analyze devices that have installed your app. SafetyNet examines software and hardware information on the device where your app is installed to create a profile of that device. SafetyNet provides services for determining whether a URL has been marked as a known threat by Google. Your app can use this API to determine whether a particular URL has been classified by Google as a known threat. Internally, SafetyNet implements a client for the Safe Browsing Network Protocol v4 developed by Google. Both the client code and the v4 network protocol were designed to preserve users' privacy and keep battery and bandwidth consumption to a minimum. Use this API to take full advantage of Google's Safe Browsing service on Android in the most resource-optimized way, and without implementing its network protocol. The SafetyNet service includes a reCAPTCHA API that you can use to protect your app from malicious traffic. reCAPTCHA is a free service that uses an advanced risk analysis engine to protect your app from spam and other abusive actions. If the service suspects that the user interacting with your app might be a bot instead of a human, it serves a CAPTCHA that a human must solve before your app can continue executing.