SafetyNet attestation, a building block for anti-abuse - Hallo Guys Android Blog, On the article that you read this time with the title SafetyNet attestation, a building block for anti-abuse, We have prepared this article well for you to read and take the information in it. Hopefully contents post Article Android, Article API, Article attestation, Article SafetyNet, Article Security, that we write this can you understand. Okay, happy reading.

Title : SafetyNet attestation, a building block for anti-abuse
Link : SafetyNet attestation, a building block for anti-abuse

SafetyNet attestation, a building block for anti-abuse

Posted by Arindam Basu, Borbala Benko, Alan Butler, Edward Cunningham, William Luh



Building innovative security features for Android app developers and their users
continues to be a priority. As part of this effort, we provide SafetyNet
attestation, an API for developers to remotely evaluate whether they are
talking to a genuine Android device.




SafetyNet examines software and hardware information on the device to assess its
integrity. The result is a cryptographically signed statement, attesting basic
properties of the device — such as overall integrity and compatibility with
Android (CTS) — as
well as metadata about your app, such as its package name and signature. The
following JSON snippet shows an example of how the API reports this information:

{
  "nonce": "R2Rra24fVm5xa2Mg",
  "timestampMs": 9860437986543,
  "apkPackageName": "com.package.name.of.requesting.app",
  "apkCertificateDigestSha256": ["base64 encoded, SHA-256 hash of the
                                  certificate used to sign requesting app"],
  "apkDigestSha256": "base64 encoded, SHA-256 hash of the app's APK",
  "ctsProfileMatch": true,
  "basicIntegrity": true,
}

The contents of an example attestation response, providing information about
the calling app and the integrity and compatibility of the device.




The SafetyNet attestation API can help your server distinguish traffic coming
from genuine, compatible Android devices from traffic coming from less-trusted
sources, including non-Android devices. This classification helps you better
understand the risks associated with each device so that you can fine-tune
preventive or mitigative actions in case of abuse or misbehavior.




We encourage developers to use SafetyNet attestations to augment their
anti-abuse strategy. Combine SafetyNet attestation with other signals, such as
your existing device-side signals and behavioral signals about what the user is
trying to do, in order to build robust, multi-tier protection systems.




For further information, check the recently
updated documentation and see the SafetyNet API
Samples on GitHub.

Thus articles SafetyNet attestation, a building block for anti-abuse

Until here the article SafetyNet attestation, a building block for anti-abuse this time, hopefully can benefit for you all. Okay, see you in another post.

You are now reading SafetyNet attestation, a building block for anti-abuse With the link address https://weekendrevolutionaries.blogspot.com/2017/04/safetynet-attestation-building-block.html