How to Run a Google SafetyNet Device Attestation Audit Using Appdome
Learn 3 easy steps to Run a Google SafetyNet Device Attestation audit using Appdome.
What is Google SafetyNet Device Attestation?
SafetyNet Attestation API is an anti-abuse API that allows app developers to assess the Android device their app is running on. The API can be used to help determine whether your servers are interacting with your genuine app running on a real Android device.
The SafetyNet Attestation API provides a cryptographically signed attestation, assessing the device’s integrity. In order to create the attestation, the API examines the device’s software and hardware environment, looking for integrity issues, and comparing it with the reference data for approved Android devices. The generated attestation is bound to the nonce that the caller app provides. The attestation also contains a generation timestamp and metadata about the requesting app.
How To Run a SafetyNet Attribution Audit From Appdome
Appdome implemented the SafetyNet Device Attestation API so that a SafetyNet Device Audit can be performed by Appdome on behalf of our customers. To use SafetyNet with Appdome, the Appdome admin/developer needs to insert their API key. Appdome will then perform the Attestation audit and sends the results back as a Threat Event.
More info about what this is here: https://developer.android.com/training/safetynet/attestation
Threat Events for SafetyNet Device Attestation
After Appdome performs the SafetyNet Device Attestation audit, Appdome sends the results back via Threat Events.
Appdome Threat-Events use industry-standard notification methods to pass security events between Appdome’s detection layer back to the mobile application, informing the app anytime a malicious event is detected and passing along information related to the threat using a key-value pair format.
To start receiving Threat-Events for SafetyNet Device Attestation, you need to register your app to listen for Appdome events using the following Threat Event names (key)
Threat Event name for SafetyNet Device Attestation: SafetyNetAttestationFailedThreat
Visit this Knowledge Base article for details on how to implement Threat Events in your mobile application, and to download the specific code that is relevant for your application’s development framework.
3 Easy Steps to run SafetyNet Device Attestation using Appdome
Please follow these 3 easy steps to add Appdome’s SafetyNet Device Attestation to an Android app.
- Upload an Android app (.apk or .aab)
- In the Build Tab, under Anti-Fraud, click Mobile Malware Prevention, Select SafetyNet Device Attestation (shown below)
- (Optional) You can customize the App Compromise Notification message that will be displayed to the mobile user when Appdome detects a threat.
- (Optional) Turn-ON the Threat-Events toggle for SafetyNet Device Attestation and select the desired enforcement action (‘In-App Detection’ or ‘In-App Defense’).
- Click Build My App
Congratulations! Your mobile application can now run SafetyNet Device Attestation audits.
Here’s what you need to build secured apps with Appdome’s SafetyNet Device Attestation feature
- Appdome account (If you don’t have an Appdome account, create a free Appdome account here)
- A license to Appdome’s SafetyNet Device Attestation feature
- Mobile App (.apk or .aab)
- Signing Credentials (e.g., signing certificates and provisioning profile)
No Coding Dependency
Using Appdome, there are no development or coding prerequisites to secure Android apps using SafetyNet Device Attestation. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.
How to Sign & Publish Secured Mobile Apps Built on Appdome
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
- Signing Secure iOS and Android apps
- Customizing, Configuring & Branding Secure Mobile Apps
- Deploying/Publishing Secure mobile apps to Public or Private app stores
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
How to Learn More
Check out the following related KB articles and resources:
If you have any questions, please send them our way at email@example.com or via the chat window on the Appdome platform.
Or request a demo at any time.
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.