My question is what retry logic does Google Safetynet have built-in, and what retry logic should be build in the application? What is the best-practice for building the application level logic?
I use Safetynet Attestation in Android application and web backend service. Safetynet is used to validate that data is originating from our Android application installed in a valid Android device and that the message is not tampered. The basic code used is from Safetynet documentation example
I am having issues designing the retry logic for getting safetynet attestation in the device application in cases when network connectivity is not temporarily available, or otherwise Google Safetynet API is not accessible for a period of time.
Safetynet classes are based on GoogleApi class. Documentation for GoogleApi says that there is already some automatic time-out/reconnect logic.
- Automatically timed-out and reconnected when necessary
What logic is automatically built-in to the Safetynet, and what logic needs to be build by application developers? For example what is the time-out for requests ("automatically timed-out") and can it be adjusted? How many retries does it do and with what retry strategy ("reconnected when necessary")?
