I'm trying to implement a simple URL request check-in Android using the Safe Browsing guide at https://developer.android.com/training/safetynet/safebrowsing.html to get a malware or phishing threats for some URL.
I'm using a fragment (for a tabbed activity) to implement the API, and it's supposed to retrieve a request with the malware site information, but always is a response that the malicious site is not a true threat.
for example this site: http://malware.testing.google.test/testing/malware/ using the transparency report tool: https://transparencyreport.google.com/safe-browsing/search?url=http:%2F%2Fmalware.testing.google.test%2Ftesting%2Fmalware%2F is showing that the site is malicious, but in my app show that is a trusted site.
here is my code:
public class ThreatList extends Fragment{
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
}
@Override
public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
View view = inflater.inflate(R.layout.fragment_threat, container, false);
new LoadThreatData().execute();
return view;
}
@Override
public void onResume(){
super.onResume();
}
@SuppressLint("StaticFieldLeak")
private class LoadThreatData extends AsyncTask<Void, Integer, Void>{
@Override
protected Void doInBackground(Void... voids) {
SafetyNet.getClient(getActivity()).initSafeBrowsing();
Log.d("Threats", "init");
return null;
}
@Override
protected void onPostExecute(Void result){
String url = "http://malware.testing.google.test/testing/malware/"; //"go.trackmyclicks202.com";//"http://ianfette.org/"; //"http://malware.wicar.org/data/eicar.com";
SafetyNet.getClient(getActivity()).lookupUri(
url,
"MY_API_KEY_FROM_GOOGLE_DEVELOPERS_CONSOLE",
SafeBrowsingThreat.TYPE_POTENTIALLY_HARMFUL_APPLICATION,
SafeBrowsingThreat.TYPE_SOCIAL_ENGINEERING)
.addOnSuccessListener(getActivity(), new OnSuccessListener<SafetyNetApi.SafeBrowsingResponse>() {
@Override
public void onSuccess(SafetyNetApi.SafeBrowsingResponse sbResponse) {
// Indicates communication with the service was successful.
// Identify any detected threats.
if (sbResponse.getDetectedThreats().isEmpty()) {
// No threats found.
Log.e("Threats", "no threats found");
Toast.makeText(
getActivity(),
"no threats",
Toast.LENGTH_SHORT)
.show();
//always get in here
} else {
// Threats found!
Log.e("Threats", sbResponse.toString());
Toast.makeText(
getActivity(),
sbResponse.toString(),
Toast.LENGTH_SHORT)
.show();
}
}
})
.addOnFailureListener(getActivity(), new OnFailureListener() {
@Override
public void onFailure(@NonNull Exception e) {
// An error occurred while communicating with the service.
if (e instanceof ApiException) {
// An error with the Google Play Services API contains some
// additional details.
ApiException apiException = (ApiException) e;
Log.d(TAG, "Error: " + CommonStatusCodes
.getStatusCodeString(apiException.getStatusCode()));
Toast.makeText(
getActivity(),
"error1",
Toast.LENGTH_SHORT)
.show();
// Note: If the status code, apiException.getStatusCode(),
// is SafetyNetstatusCode.SAFE_BROWSING_API_NOT_INITIALIZED,
// you need to call initSafeBrowsing(). It means either you
// haven't called initSafeBrowsing() before or that it needs
// to be called again due to an internal error.
} else {
// A different, unknown type of error occurred.
Log.d(TAG, "Error: " + e.getMessage());
Toast.makeText(
getActivity(),
"error2",
Toast.LENGTH_SHORT)
.show();
}
}
});
}
}
}
In the gradle use:
compile 'com.google.android.gms:play-services-safetynet:11.8.0'
In the manifest put the permission:
<uses-permission android:name="android.permission.INTERNET" />
I don't know what I'm doing wrong, I'm using the V4 API the most recent version but no matter what URL use, always show it's not a threat, V3 API is now deprecated for that reason I don't use it.
The API is already enabled and I get my API key and all the necessary configurations but in the API panel from google developers console show that there is no traffic or usages for the specific API, any help, please!!!
