SafetyNet Playground consists of an Android application and an associated web service that can be used as a sample for developers attempting to securely implement Google's SafetyNet attestation API.
Google's SafetyNet service can help your app maintain a level of assurance that the device you are executing on has not been tampered with. There are many ways to design how you'll do attestation requests, such as using a client-only or client-server architecture. SafetyNet Playground demonstrates a tamper-resistant client-server attestation flow.
This sample app will attempt to make a REST request to a web service. This request will be successful only if the SafetyNet service attests that your device is CTS compatible.
You can read more on SafetyNet Playground at https://www.cigital.com/blog/using-safetynet-api
You can read a technical analysis of SafetyNet internals at https://koz.io/inside-safetynet
This application and associated web service are released as open source codeAndroid application: https://github.com/cigital/safetynet-appWeb Service: https://github.com/cigital/safetynet-web-php
Credits:
SafetyNet research: John Kozyrakis, Technical Strategist @CigitalSafetyNet Playground app and web service development: Georgi Boiko, Security Consultant @Cigital
Category : Tools
Related searches
So what does it mean when the app crashes upon setting it in action. 4.3, rooted, xposed, xprivacy. Note 3