Learn 3 easy steps to Run a Google SafetyNet Device Attestation audit using Appdome.
SafetyNet Attestation API is an anti-abuse API that allows app developers to assess the Android device their app is running on. The API can be used to help determine whether your servers are interacting with your genuine app running on a real Android device.
The SafetyNet Attestation API provides a cryptographically signed attestation, assessing the device’s integrity. In order to create the attestation, the API examines the device’s software and hardware environment, looking for integrity issues, and comparing it with the reference data for approved Android devices. The generated attestation is bound to the nonce that the caller app provides. The attestation also contains a generation timestamp and metadata about the requesting app.
Appdome implemented the SafetyNet Device Attestation API so that a SafetyNet Device Audit can be performed by Appdome on behalf of our customers. To use SafetyNet with Appdome, the Appdome admin/developer needs to insert their API key. Appdome will then perform the Attestation audit and sends the results back as a Threat Event.
More info about what this is here: https://developer.android.com/training/safetynet/attestation
After Appdome performs the SafetyNet Device Attestation audit, Appdome sends the results back via Threat Events.
Appdome Threat-Events use industry-standard notification methods to pass security events between Appdome’s detection layer back to the mobile application, informing the app anytime a malicious event is detected and passing along information related to the threat using a key-value pair format.
To start receiving Threat-Events for SafetyNet Device Attestation, you need to register your app to listen for Appdome events using the following Threat Event names (key)
Threat Event name for SafetyNet Device Attestation: SafetyNetAttestationFailedThreat
Visit this Knowledge Base article for details on how to implement Threat Events in your mobile application, and to download the specific code that is relevant for your application’s development framework.
Please follow these 3 easy steps to add Appdome’s SafetyNet Device Attestation to an Android app.
Congratulations! Your mobile application can now run SafetyNet Device Attestation audits.
Here’s what you need to build secured apps with Appdome’s SafetyNet Device Attestation feature
Using Appdome, there are no development or coding prerequisites to secure Android apps using SafetyNet Device Attestation. There is no SDK and no library to manually code or implement in the app. The Appdome technology adds the relevant standards, frameworks, and logic to the app automatically, with no manual development work at all.
After successfully securing your app using Appdome, there are several available options to complete your project, depending on your app lifecycle or workflow. These include:
Or, see this quick reference Releasing Secured Android & iOS Apps built on Appdome.
Check out the following related KB articles and resources:
If you have any questions, please send them our way at firstname.lastname@example.org or via the chat window on the Appdome platform.
Or request a demo at any time.
Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.