How to Run a Google SafetyNet Device Attestation Audit Using Appdome

Learn 3 easy steps to Run a Google SafetyNet Device Attestation audit using Appdome.

What is Google SafetyNet Device Attestation?

SafetyNet Attestation API is an anti-abuse API that allows app developers to assess the Android device their app is running on. The API can be used to help determine whether your servers are interacting with your genuine app running on a real Android device.

The SafetyNet Attestation API provides a cryptographically signed attestation, assessing the device’s integrity. In order to create the attestation, the API examines the device’s software and hardware environment, looking for integrity issues, and comparing it with the reference data for approved Android devices. The generated attestation is bound to the nonce that the caller app provides. The attestation also contains a generation timestamp and metadata about the requesting app.

How To Run a SafetyNet Attribution Audit From Appdome

Appdome implemented the SafetyNet Device Attestation API so that a SafetyNet Device Audit can be performed by Appdome on behalf of our customers. To use SafetyNet with Appdome, the Appdome admin/developer needs to insert their API key. Appdome will then perform the Attestation audit and sends the results back as a Threat Event.
More info about what this is here: https://developer.android.com/training/safetynet/attestation

Threat Events for SafetyNet Device Attestation

After Appdome performs the SafetyNet Device Attestation audit, Appdome sends the results back via Threat Events. 

Appdome Threat-Events use industry-standard notification methods to pass security events between Appdome’s detection layer back to the mobile application, informing the app anytime a malicious event is detected and passing along information related to the threat using a key-value pair format.

————————————————————————————————————————————-

To start receiving Threat-Events for SafetyNet Device Attestation, you need to register your app to listen for Appdome events using the following Threat Event names (key)

Threat Event name for SafetyNet Device Attestation:  SafetyNetAttestationFailedThreat 

Visit this Knowledge Base article for details on how to implement Threat Events in your mobile application, and to download the specific code that is relevant for your application’s development framework.

————————————————————————————————————————————-

3 Easy Steps to run SafetyNet Device Attestation using Appdome

Please follow these 3 easy steps to add Appdome’s SafetyNet Device Attestation to an Android app.

  1. Upload an Android app (.apk or .aab)
  2. In the Build Tab, under Anti-Fraud, click Mobile Malware Prevention, Select SafetyNet Device Attestation (shown below)
    • (Optional) You can customize the App Compromise Notification message that will be displayed to the mobile user when Appdome detects a threat.
    • (Optional) Turn-ON the Threat-Events toggle for SafetyNet Device Attestation and select the desired enforcement action (‘In-App Detection’ or ‘In-App Defense’).
  3. Click Build My App

 

Safetynet.device.attribution

Congratulations! Your mobile application can now run SafetyNet Device Attestation audits.

Build My App Success (Mattermost)

Prerequisites

Here’s what you need to build secured apps with Appdome’s SafetyNet Device Attestation feature

No Coding Dependency

Using Appdome, there are no development or coding prerequisites to secure Android apps using SafetyNet Device Attestation. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.

How to Sign & Publish Secured Mobile Apps Built on Appdome  

After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include 

Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome. 

How to Learn More

Check out the following related KB articles and resources:

Mobile Malware Prevention

How to Block StrandHogg Malware and Protect Android Apps Against Overlay Attacks

How to Block Overlay Attacks on Android Apps

How to Block Magisk Manager, Prevent Rooting Android Apps

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Or request a demo at any time.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Alan Bavosa

Have a question?

Ask an expert

KarenMaking your security project a success!

Get Your Copy
2021 Global Mobile
Consumer Security
Survey