SafetyNetClient

  • SafetyNetClient is the main entry point for SafetyNet.

  • It provides methods for device attestation, managing Verify Apps, using the Safe Browsing API, listing harmful apps, and providing user attestation with reCAPTCHA.

  • The attest method provides device attestation results, requiring a nonce and API key.

  • Safe Browsing functionality includes initializing, looking up URIs for threats, and shutting down the API.

  • Verify Apps methods allow checking if Verify Apps is enabled and prompting the user to enable it.

public class SafetyNetClient extends GoogleApi<Api.ApiOptions.NoOptions>

The main entry point for SafetyNet.

Public Method Summary

Task<SafetyNetApi.AttestationResponse> attest(byte[] nonce, String apiKey)
Provides attestation results for the device.

Task<SafetyNetApi.VerifyAppsUserResponse> enableVerifyApps()
Prompts the user to enable Verify Apps if it is currently turned off.

Task<Void> initSafeBrowsing()
Initializes the Safe Browsing API.

Task<SafetyNetApi.VerifyAppsUserResponse> isVerifyAppsEnabled()
Determines whether Verify Apps is enabled.

Task<SafetyNetApi.HarmfulAppsResponse> listHarmfulApps()
Gets a list of known, potentially harmful apps installed.

Task<SafetyNetApi.SafeBrowsingResponse> lookupUri(String uri, String apiKey, int... threatTypes)
Checks whether a URI is known to have specific threats.

Task<Void> shutdownSafeBrowsing()
Safely shuts down the Safe Browsing API, releasing resources from the system.

Task<SafetyNetApi.RecaptchaTokenResponse> verifyWithRecaptcha(String siteKey)
Provides user attestation with reCAPTCHA.

Inherited Method Summary

From class java.lang.Object
Object clone()
boolean equals(Object arg0)
void finalize()
final Class<?> getClass()
int hashCode()
final void notify()
final void notifyAll()
String toString()
final void wait(long arg0, int arg1)
final void wait(long arg0)
final void wait()

Public Methods

public Task<SafetyNetApi.AttestationResponse> attest(byte[] nonce, String apiKey)

Provides attestation results for the device.

An attestation result states whether the device where it is running matches the profile of a device that has passed Android compatibility testing.

When you request a compatibility check, you must provide a nonce, which is a random token generated in a cryptographically secure manner. You can obtain a nonce by generating one within your app each time you make a compatibility check request. As a more secure option, you can obtain a nonce from your own server, using a secure connection.

A nonce used with an attestation request should be at least 16 bytes in length. After you make a request, the response SafetyNetApi.AttestationResponse includes your nonce, so you can verify it against the one you sent. You should only use a nonce value once, for a single request. Use a different nonce for any subsequent attestation requests. For tips on using cryptography functions, see Security Tips.

Parameters
nonce: A cryptographic nonce used for anti-replay and tracking of requests.
apiKey: An Android API key obtained through the developer console.
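
One way to meet the nonce requirements above when the nonce comes from your own server, shown as an added example that is not part of the original reference: a single-use nonce store in plain Java. The class name AttestationNonceStore, the 32-byte nonce size and the 5-minute lifetime are assumptions; validating the signed attestation response itself is outside what this block covers.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical server-side helper: issues and redeems single-use attestation nonces. */
public class AttestationNonceStore {
    private static final int MIN_NONCE_BYTES = 16;             // minimum stated in the reference
    private static final int NONCE_BYTES = 32;                 // assumed size, above the minimum
    private static final Duration TTL = Duration.ofMinutes(5); // assumed lifetime

    private final SecureRandom rng = new SecureRandom();
    // Base64(nonce) -> expiry, for every nonce issued and not yet redeemed.
    private final Map<String, Instant> pending = new ConcurrentHashMap<>();

    /** Generates a fresh nonce for the app to pass to attest(nonce, apiKey). */
    public byte[] issue(Instant now) {
        byte[] nonce = new byte[NONCE_BYTES];
        rng.nextBytes(nonce);
        pending.put(Base64.getEncoder().encodeToString(nonce), now.plus(TTL));
        return nonce;
    }

    /** Accepts the nonce echoed back in the attestation response at most once. */
    public boolean consume(byte[] echoed, Instant now) {
        if (echoed == null || echoed.length < MIN_NONCE_BYTES) return false;
        // remove() is atomic, so two concurrent replays cannot both succeed.
        Instant expiry = pending.remove(Base64.getEncoder().encodeToString(echoed));
        return expiry != null && now.isBefore(expiry);
    }

    public static void main(String[] args) {
        AttestationNonceStore store = new AttestationNonceStore();
        Instant t0 = Instant.parse("2024-01-01T00:00:00Z"); // constructed clock value

        byte[] n1 = store.issue(t0);
        System.out.println("first use:  " + store.consume(n1, t0.plusSeconds(10)));
        System.out.println("replay:     " + store.consume(n1, t0.plusSeconds(11)));
        System.out.println("never sent: " + store.consume(new byte[NONCE_BYTES], t0));
        byte[] n2 = store.issue(t0);
        System.out.println("expired:    " + store.consume(n2, t0.plus(TTL).plusSeconds(1)));
    }
}
```

Nonces that are issued but never redeemed stay in the map, so a production store also needs periodic eviction of expired entries.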

public Task<SafetyNetApi.VerifyAppsUserResponse> enableVerifyApps()

Prompts the user to enable Verify Apps if it is currently turned off.

public Task<Void> initSafeBrowsing()

Initializes the Safe Browsing API.

This method must be called prior to calling lookupUri(String, String, int...).

public Task<SafetyNetApi.VerifyAppsUserResponse> isVerifyAppsEnabled()

Determines whether Verify Apps is enabled.

public Task<SafetyNetApi.HarmfulAppsResponse> listHarmfulApps()

Gets a list of known, potentially harmful apps installed.

public Task<SafetyNetApi.SafeBrowsingResponse> lookupUri(String uri, String apiKey, int... threatTypes)

Checks whether a URI is known to have specific threats.

Parameters
uri: A String that represents the URI that should be looked up.
apiKey
threatTypes: integers from SafeBrowsingThreat to indicate that the URI should be queried for these threat types.

public Task<Void> shutdownSafeBrowsing()

Safely shuts down the Safe Browsing API, releasing resources from the system.

This method should be called when the client is no longer using the API, which includes when the client's Activity is no longer visible.

public Task<SafetyNetApi.RecaptchaTokenResponse> verifyWithRecaptcha(String siteKey)

Provides user attestation with reCAPTCHA.

If reCAPTCHA is confident that this is a real user on a real device, it will return a token with no challenge. Otherwise, it will provide a visual/audio challenge to attest the humanness of the user before returning a token.

Parameters
siteKey: A site public key registered for this app at //g.co/recaptcha/androidsignup

Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2024-10-31 UTC.