Questions tagged [safetynet]

102 questions
2
votes
1 answer

Firebase AppCheck: how to remove/disable SafetyNet entirely from the UI when previously enabled (Firebase Bug?)

We have both SafetyNet and Play Integrity enabled. We only want Play Integrity, but it’s currently impossible to disable SafetyNet from Firebase UI (looks like a Google bug!?). SafetyNet reappears all the time when trying to enable Play Integrity…
2
votes
0 answers

Understanding Firebase App Check rejection

My project uses Firebase App check on iOS using DeviceCheck & App Test, cloud functions have enforcement checking whether auth context.app is undefined or not, simply like: if (appCheckEnabled == true && appCheckFunctions[functionName] == true) { …
2
votes
0 answers

Detect Rooted Device By Using SafetyNet - Failure Listener

I'm trying to detect a rooted device in my app before my login process. Regarding this answer, I decided to use SafetyNet. I edited this code like this: public class RootedDeviceCheckWithSafetyNetAttestation { public static AtomicInteger…
Wicaledon
2
votes
3 answers

Firebase AppCheck Quotas & Limits

From firebase documentary https://firebase.google.com/docs/app-check Your use of App Check is subject to the quotas and limits of the attestation providers you use. DeviceCheck access is subject to any quotas or limitations set by Apple. SafetyNet…
bigbang489
2
votes
0 answers

SafetyNet: Does DDoS abuse count towards daily 10.000 request limit

According to Google SafetyNet documentation The default quota allotment (per project) for calling the SafetyNet Attestation API is 10,000 requests per day across your user base. Does it also count towards our daily limit when bad players create…
arberg
2
votes
1 answer

Android SafetyNetClient.attest() Timeout

As you may know SafetyNetClient.attest() runs async. But in our app we want to receive the SafetyNetApi.AttestationResponse synchronously. Because the SafetyNet result is required as input for another use case. To achieve that we implemented a…
2
votes
2 answers

Google SafetyNet API JwsResult is a hashed string instead of JSON

I've successfully implemented Google SafetyNet API, even have a successful response. Problem is that the JWSResult from AttestationResponse is a hashed string, whereas my expectation was to get a JSON in response. May I ask where do I need to first…
Lendl Leyba
2
votes
2 answers

How to calculate proper apkCertificateDigestSha256 having access to certificate?

SafetyNet documentation (https://developer.android.com/training/safetynet/attestation) states that field returned in attestation token called apkCertificateDigestSha256 is Base-64 encoded representation(s) of the SHA-256 hash of the calling app's…
Areinu
2
votes
1 answer

Does Apple DeviceCheck still work on a jailbroken iPhone?

Simple question, no biggie. I'm trying to secure a React-Native application by validating tokens on the backend that were generated by Android SafetyNet and Apple DeviceCheck. I then create an access token to the API after the device passes the…
Dr. Div
2
votes
1 answer

Android Safetynet Attestation built-in retry logic

My question is what retry logic does Google Safetynet have built-in, and what retry logic should be built in the application? What is the best-practice for building the application level logic? I use Safetynet Attestation in Android application and…
2
votes
2 answers

Android: SafetyNet Attest Device Verification Response Network Error

I'm calling SafetyNet Api using Google Client but it is not responding with the correct response. SafetyNet.SafetyNetApi.attest(mGoogleApiClient, generateNonce()) .setResultCallback(new ResultCallback() { …
Robin Royal
2
votes
0 answers

Intermittent network issues with SafetyNet attest API

Experts, we are having intermittent connection failures with the SafetyNet client on Android. We are using com.google.android.gms:play-services-safetynet version 11.8.0 but have also seen the issue with version 16. The issue occurs when the device…
checkmate711
2
votes
2 answers

SafetyNet unable to get result

I am trying to learn how to implement safetynet with the reference of a fellow member in stackover. SafetyNet: package name always return null The first section of the code is a complete code of SafetyNetVerifier package com.example.stack; import…
twistofytd
2
votes
1 answer

Android reCAPTCHA API: What's the point of validating the user token?

I'm investigating the new Android reCAPTCHA API but I am not really getting what is the point of validating the user token via https://www.google.com/recaptcha/api/siteverify and why this isn't done automatically by the SafetyNet client. Can someone…
Roberto Leinardi
2
votes
1 answer

How to truly protect an android app's google api key if it uses SafetyNet?

I'm currently using a google API key I generated that I put inside the android app to access SafetyNet and Google Maps. I plan on shifting all the calls to the Google Maps API onto my own servers where I'm storing my Google API key on the server and…