SafetyNet API
   HOME

TheInfoList



Click Here for Items Related To - SafetyNet API
OR:
SafetyNet API on:   [Wikipedia]   [Google]   [Amazon]

SafetyNet consists of several
application programming interface An application programming interface (API) is a connection between computers or between computer programs. It is a type of software Interface (computing), interface, offering a service to other pieces of software. A document or standard that des ...
s (APIs) offered by the Google Play Services to support security sensitive applications and enforce
DRM DRM may refer to: Government, military and politics * Defense reform movement, U.S. campaign inspired by Col. John Boyd * Democratic Republic of Madagascar, a former socialist state (1975–1992) on Madagascar * Direction du renseignement militair ...
. Currently, these APIs include device integrity verification, app verification, recaptcha and web address verification. It is an extension of AVB2.0 and dm-verity.


Attestation

The SafetyNet Attestation API, one of the APIs under the SafetyNet umbrella, provides verification that the integrity of the device is not compromised. In practice, non-official ROMs such as
LineageOS LineageOS is an Open-source software, open source Android (operating system), Android operating system for smartphones, tablet computer, tablets, and set-top boxes. It is community-developed and serves as the successor to CyanogenMod, from which ...
fail the hardware attestation and thus restrict the user from using a non-compliant ROM while being able to use third-party apps (mainly banking) that require the API. Due to this, some consider this a monopolistic practice deterring the entrance of competing
mobile operating system A mobile operating system is an operating system used for smartphones, tablets, smartwatches, smartglasses, or other non-laptop personal mobile computing devices. While computers such as laptops are "mobile", the operating systems used on the ...
s in the market. Attestation requires a network connection for Google Play Services to connect to Google servers and validate the hardware signatures. Amongst the checks, the API looks for bootloader unlock status, ROM signature and kernel strings. Upon successful checks,
Google Play Google Play, also known as the Google Play Store, Play Store, or sometimes the Android Store (and was formerly Android Market), is a digital distribution service operated and developed by Google. It serves as the official app store for certifie ...
will mark the device as ''Certified''. The SafetyNet Attestation API (one of the four APIs under the SafetyNet umbrella) has been deprecated. Google expects to fully replace it with the Play Integrity API by the end of January 2025. Like the SafetyNet APIs, the Play Integrity API is offered by Google Services and thus is not available on free Android environments ( AOSP). Therefore, apps that require the API to be available may refuse to execute on AOSP builds.


See also

* Samsung Knox *
Trusted Computing Trusted Computing (TC) is a technology developed and promoted by the Trusted Computing Group. The term is taken from the field of trusted systems and has a specialized meaning that is distinct from the field of confidential computing. With Trust ...


References


External links


Protect against security threats with SafetyNet

How does Universal SafetyNet Fix work?

SafetyNet Attestation API deprecation timeline

Play Integrity API Documentation

Play Integrity API Migration Guide
{{Android Android (operating system) Computer security Digital rights management systems