SafetyNet Playground
SafetyNet Playground consists of an Android application and an associated web service that can be used as a sample for developers attempting to securely implement Google's SafetyNet attestation API.
Google's SafetyNet service can help your app maintain a level of assurance that the device you are executing on has not been tampered with. There are many ways to design how you'll do attestation requests, such as using a client-only or client-server architecture. SafetyNet Playground demonstrates a tamper-resistant client-server attestation flow.
This sample app will attempt to make a REST request to a web service. This request will be successful only if the SafetyNet service attests that your device is CTS compatible.
You can read more on SafetyNet Playground at https://www.cigital.com/blog/using-safetynet-api
You can read a technical analysis of SafetyNet internals at https://koz.io/inside-safetynet
This application and associated web service are released as open source codeAndroid application: https://github.com/cigital/safetynet-appWeb Service: https://github.com/cigital/safetynet-web-php
Credits:
SafetyNet research: John Kozyrakis, Technical Strategist @CigitalSafetyNet Playground app and web service development: Georgi Boiko, Security Consultant @Cigital
Google's SafetyNet service can help your app maintain a level of assurance that the device you are executing on has not been tampered with. There are many ways to design how you'll do attestation requests, such as using a client-only or client-server architecture. SafetyNet Playground demonstrates a tamper-resistant client-server attestation flow.
This sample app will attempt to make a REST request to a web service. This request will be successful only if the SafetyNet service attests that your device is CTS compatible.
You can read more on SafetyNet Playground at https://www.cigital.com/blog/using-safetynet-api
You can read a technical analysis of SafetyNet internals at https://koz.io/inside-safetynet
This application and associated web service are released as open source codeAndroid application: https://github.com/cigital/safetynet-appWeb Service: https://github.com/cigital/safetynet-web-php
Credits:
SafetyNet research: John Kozyrakis, Technical Strategist @CigitalSafetyNet Playground app and web service development: Georgi Boiko, Security Consultant @Cigital
Category : Tools
Related searches
Reviews (8)
ski. c.
Dec 15, 2016
when oturning off SU, other app detect my app is clean but this app detecting it, great!!
Zak. Z.
Mar 29, 2017
Good and accurate
Cai. Z.
Feb 9, 2016
Help me to see if my phone can use android pay.
Gra. D.
Oct 12, 2015
Thanks for the write up and samples folks - interesting stuff!
Pet. T.
Mar 20, 2016
Tells you whether or not your phone can run Android pay
M.
Oct 12, 2015
Great for checking if my device has been rooted or tampered with.
Ton. S.
Oct 9, 2015
An excellent demo of secure SafetyNet usage. Thanks for sharing the code and the composer package too!
So what does it mean when the app crashes upon setting it in action. 4.3, rooted, xposed, xprivacy. Note 3