safetynet

How does SSL Hostname matching work on JWS?

心不动则不痛 提交于 2021-02-17 03:07:56
问题 When using Google SafetyNet for Android the documentation suggest that you Validate the SSL certificate chain and use SSL Hostname matching to ensure the leaf certification was issues to attest.android.com Now how does this work? I would have assumed that I get the JWS message inspect the certs and signature etc but would validate against a cert grabbed from attest.android.com, but attest.android.com is not a live host. Does SSL signing cater for validation without previously knowing the

How does SSL Hostname matching work on JWS?

a 夏天 提交于 2021-02-17 03:04:49
问题 When using Google SafetyNet for Android the documentation suggest that you Validate the SSL certificate chain and use SSL Hostname matching to ensure the leaf certification was issues to attest.android.com Now how does this work? I would have assumed that I get the JWS message inspect the certs and signature etc but would validate against a cert grabbed from attest.android.com, but attest.android.com is not a live host. Does SSL signing cater for validation without previously knowing the

What are the exact steps to enable safetynet device check api on Android

◇◆丶佛笑我妖孽 提交于 2020-12-31 08:46:49
问题 I have integrated firebase phone authentication in my android app. It was working fine for almost 2 months and suddenly from 2-3 days back I am observing different behavior. Capcha screen started appearing. Earlier I had not enabled safetynet device check API. Looking at firebase documentation I treid enabling safetynet device check. As the steps are not clear, I am not sure if I did it right. I am also not clear how firebase and google cloud are linked. How firebase will know which google

Android SafetyNet JWT signature verification

喜你入骨 提交于 2020-07-09 05:27:41
问题 I'm trying to understand how the jwt signature validation works. This is how I'm doing it at the moment: 1) My app calls the attest api 2) My app sends the jwt to my server 3) My server verify the signature (third field of the jwt) using the certificate provided in the header of the jwt. I understand that the signature is created by hashing the header and the payload of the jwt and then signing it (encrypting it) with Google's private key. What I do in my step 3 is that I take the header +

Safety environment check in android using SafetyNet Attestation API is not working as it not getting callback on success or failure callback

牧云@^-^@ 提交于 2019-12-20 02:32:40
问题 For saftey environment check in android I was using https://developer.android.com/training/safetynet/attestation.html SafetyNet.getClient(this).attest(nonce, API_KEY) .addOnSuccessListener(this,successListner) .addOnFailureListener(this,failureListener) for which I am getting failure callback with network error null . Can anybody please throw some light on this ? but https://medium.com/@hargoyal/secure-android-app-with-safetynet-8e367a1c8ad0 SafetyNet.SafetyNetApi.attest(mGoogleApiClient,

SafetyNet: package name always return null

故事扮演 提交于 2019-12-11 06:25:40
问题 I am implementing SafetyNet API based on Google SafetyNet sample and SafetyNet Helper Here is my working code. First part is processing code I used at SafetyNetSampleFragment: import android.support.annotation.NonNull; import android.support.annotation.Nullable; import android.support.v4.app.FragmentActivity; import android.util.Base64; import android.util.Log; import com.google.android.gms.common.ConnectionResult; import com.google.android.gms.common.api.GoogleApiClient; import com.google

Android SafetyNet API fails when using API key restriction

ⅰ亾dé卋堺 提交于 2019-12-10 03:52:06
问题 When setting restriction to an API key the Attestation API stops working: OnFailureListener gets fired with the CANCELLED(16) status code The restrictions are the android package name and the certificate signature(SHA-1) Does the SafetyNet Attestation API support restricted API keys ? Note: the same API key with the additional restriction works fine with Google Maps API UPDATE: On devices running Google Play Services v13.0 and above, the SafetyNet Attestation API also supports app-restricted

Android SafetyNetClient.Attest(…) Returns ApiException

南笙酒味 提交于 2019-12-06 14:12:57
问题 While attempting to attest with SafetyNetClient.attest(...) in the latest Play-Services v11.0.1, the client errors out and returns an ApiException. code snippet: byte[] nonce = getRequestNonce(); String apiKey = "<api key>"; mSafetyNetClient.attest(nonce, apiKey) .addOnCompleteListener(new OnCompleteListener<SafetyNetApi.AttestationResponse>() { @Override public void onComplete(@NonNull Task<SafetyNetApi.AttestationResponse> task) { ... } }); ... private byte[] getRequestNonce() { String