safetynet

问题 When using Google SafetyNet for Android the documentation suggest that you Validate the SSL certificate chain and use SSL Hostname matching to ensure the leaf certification was issues to attest.android.com Now how does this work? I would have assumed that I get the JWS message inspect the certs and signature etc but would validate against a cert grabbed from attest.android.com, but attest.android.com is not a live host. Does SSL signing cater for validation without previously knowing the

问题 When using Google SafetyNet for Android the documentation suggest that you Validate the SSL certificate chain and use SSL Hostname matching to ensure the leaf certification was issues to attest.android.com Now how does this work? I would have assumed that I get the JWS message inspect the certs and signature etc but would validate against a cert grabbed from attest.android.com, but attest.android.com is not a live host. Does SSL signing cater for validation without previously knowing the

问题 I have integrated firebase phone authentication in my android app. It was working fine for almost 2 months and suddenly from 2-3 days back I am observing different behavior. Capcha screen started appearing. Earlier I had not enabled safetynet device check API. Looking at firebase documentation I treid enabling safetynet device check. As the steps are not clear, I am not sure if I did it right. I am also not clear how firebase and google cloud are linked. How firebase will know which google

问题 I'm trying to understand how the jwt signature validation works. This is how I'm doing it at the moment: 1) My app calls the attest api 2) My app sends the jwt to my server 3) My server verify the signature (third field of the jwt) using the certificate provided in the header of the jwt. I understand that the signature is created by hashing the header and the payload of the jwt and then signing it (encrypting it) with Google's private key. What I do in my step 3 is that I take the header +

问题 I've successfully created backend service and Android client for SafetyNet attestation. When I send jws token to my server and try to validate it's certificate it turns out that there is no certificate that signed it. Should I add api key to my Android app? My attestation result:

问题 I've successfully created backend service and Android client for SafetyNet attestation. When I send jws token to my server and try to validate it's certificate it turns out that there is no certificate that signed it. Should I add api key to my Android app? My attestation result:

问题 For saftey environment check in android I was using https://developer.android.com/training/safetynet/attestation.html SafetyNet.getClient(this).attest(nonce, API_KEY) .addOnSuccessListener(this,successListner) .addOnFailureListener(this,failureListener) for which I am getting failure callback with network error null . Can anybody please throw some light on this ? but https://medium.com/@hargoyal/secure-android-app-with-safetynet-8e367a1c8ad0 SafetyNet.SafetyNetApi.attest(mGoogleApiClient,

问题 I am implementing SafetyNet API based on Google SafetyNet sample and SafetyNet Helper Here is my working code. First part is processing code I used at SafetyNetSampleFragment: import android.support.annotation.NonNull; import android.support.annotation.Nullable; import android.support.v4.app.FragmentActivity; import android.util.Base64; import android.util.Log; import com.google.android.gms.common.ConnectionResult; import com.google.android.gms.common.api.GoogleApiClient; import com.google

问题 When setting restriction to an API key the Attestation API stops working: OnFailureListener gets fired with the CANCELLED(16) status code The restrictions are the android package name and the certificate signature(SHA-1) Does the SafetyNet Attestation API support restricted API keys ? Note: the same API key with the additional restriction works fine with Google Maps API UPDATE: On devices running Google Play Services v13.0 and above, the SafetyNet Attestation API also supports app-restricted

问题 While attempting to attest with SafetyNetClient.attest(...) in the latest Play-Services v11.0.1, the client errors out and returns an ApiException. code snippet: byte[] nonce = getRequestNonce(); String apiKey = "<api key>"; mSafetyNetClient.attest(nonce, apiKey) .addOnCompleteListener(new OnCompleteListener<SafetyNetApi.AttestationResponse>() { @Override public void onComplete(@NonNull Task<SafetyNetApi.AttestationResponse> task) { ... } }); ... private byte[] getRequestNonce() { String