问题
Suppose I develop an online game that interacts with a server for Android. What I want to ensure is that the APK file running on a given users' device is the APK that I have uploaded to the Google Play Store. (Meaning, I'm trying to avoid situations where someone extracts the APK from a device, hacks it, sideloads it back onto the device and then uses it to play the game).
Are there services provided by Google, the Play Store, Android, etc that can do that? For instance, the Play Store might have a SHA256 checksum of that APK file. Since my game is integrated with Google Play (for saving your game and progress), is there some service that I could invoke to compare the currently running game with what the Play Store has registered?
My thinking is that I can't add validation to my application itself since a sufficiently motivated modder could just bypass or forge. I was hoping something might exist at the platform-level.
Thanks in advance!
回答1:
This seems to be what the SafetyNet Attestation API is for.
来源:https://stackoverflow.com/questions/59634280/for-online-android-games-what-services-are-available-to-ensure-the-integrity-of