SafetyNet

{{Short description|Security module for computing apps}}

SafetyNet{{Cite web|title=SafetyNet Overview|url=https://developer.android.com/training/safetynet|website=Android Developers|language=en-US}} consists of several application programming interfaces (APIs) offered by Google Play Services to support security-sensitive applications and enforce DRM. Currently, these APIs include device integrity verification, app verification, reCAPTCHA and web address verification. It is an extension of AVB2.0 and dm-verity.

Attestation

The SafetyNet Attestation API,{{Cite web|title=SafetyNet Attestation API|url=https://developer.android.com/training/safetynet/attestation|website=Android Developers|language=en-US}} one of the APIs under the SafetyNet umbrella, provides verification that the integrity of the device is not compromised.{{Cite web|last=Hoffman|first=Chris|title=SafetyNet Explained: Why Android Pay and Other Apps Don't Work on Rooted Devices|url=https://www.howtogeek.com/241012/safetynet-explained-why-android-pay-and-other-apps-dont-work-on-rooted-devices/|access-date=2021-09-11|website=How-To Geek|date=4 February 2016 |language=en-US}}{{Cite web|date=2020-06-29|title=Google's dreaded SafetyNet hardware check has been spotted in the wild|url=https://www.androidpolice.com/2020/06/29/googles-dreaded-safetynet-hardware-check-has-been-spotted-in-the-wild/|access-date=2021-09-11|website=Android Police|language=en-US}}{{Cite book|last1=Ibrahim|first1=Muhammad|last2=Imran|first2=Abdullah|last3=Bianchi|first3=Antonio|title=Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services |chapter=SafetyNOT |date=2021-06-24|language=en|location=Virtual Event Wisconsin|publisher=ACM|pages=150–162|doi=10.1145/3458864.3466627|isbn=978-1-4503-8443-8|doi-access=free}}

In practice, non-official ROMs such as LineageOS fail the hardware attestation, so a user who runs a non-compliant ROM cannot use third-party apps (mainly banking apps) that require the API.

For this reason, some consider it a monopolistic practice that deters competing mobile operating systems from entering the market.{{cite web |last1=Schwab |first1=Andreas |last2=Echeverria |first2=Pablo Arias |title=Time to restore fairness and contestability in digital markets |url=https://www.euractiv.com/section/digital/opinion/time-to-restore-fairness-and-contestability-in-digital-markets/ |website=www.euractiv.com |date=24 March 2022}}

Attestation requires a network connection for Google Play Services to connect to Google servers and validate the hardware signatures. Amongst the checks, the API looks for bootloader unlock status, ROM signature and kernel strings. Upon successful checks, Google Play will mark the device as Certified.
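
The following added example (not part of the article or of Google's code) sketches how an app's backend can apply policy to the verdict the Attestation API returns as a compact JWS, using the payload field names from the API's documented response. It assumes the JWS signature and certificate chain have already been verified by a JWS library; the nonce, package name, freshness window and sample token are constructed for illustration.

```python
import base64
import hmac
import json

MAX_AGE_MS = 5 * 60 * 1000  # assumed freshness window, not a value from the API


def _b64url(segment):
    # JWS segments are unpadded base64url; restore padding before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def evaluate(jws, nonce, package, now_ms, require_hardware=False):
    """Return the list of policy failures; an empty list means accept."""
    try:
        _header, body, _sig = jws.split(".")
        p = json.loads(_b64url(body))
        got_nonce = base64.b64decode(p["nonce"])
        age = now_ms - int(p["timestampMs"])
    except (ValueError, KeyError, TypeError):
        return ["malformed"]
    failures = []
    if not hmac.compare_digest(got_nonce, nonce):
        failures.append("nonce")  # verdict was issued for a different request
    if not 0 <= age <= MAX_AGE_MS:
        failures.append("stale")  # old or future-dated verdicts are rejected
    if p.get("apkPackageName") != package:
        failures.append("package")
    if p.get("basicIntegrity") is not True:
        failures.append("basicIntegrity")
    if p.get("ctsProfileMatch") is not True:
        failures.append("ctsProfileMatch")
    kinds = str(p.get("evaluationType", "")).split(",")
    if require_hardware and "HARDWARE_BACKED" not in kinds:
        failures.append("not hardware-backed")
    return failures


def constructed_token(**overrides):
    # Constructed sample, not a real verdict: the signature is a placeholder.
    payload = {"nonce": base64.b64encode(b"server-nonce-01").decode(),
               "timestampMs": 1_700_000_000_000,
               "apkPackageName": "com.example.bank",
               "ctsProfileMatch": True, "basicIntegrity": True,
               "evaluationType": "BASIC,HARDWARE_BACKED"}
    payload.update(overrides)
    enc = lambda b: base64.urlsafe_b64encode(b).rstrip(b"=").decode()
    return ".".join([enc(b'{"alg":"RS256"}'), enc(json.dumps(payload).encode()), "sig"])


if __name__ == "__main__":
    print(evaluate(constructed_token(), b"server-nonce-01", "com.example.bank", 1_700_000_060_000))
```
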

The SafetyNet Attestation API (one of the four APIs under the SafetyNet umbrella) has been deprecated.{{Cite web|title=SafetyNet Deprecation Timeline|url=https://developer.android.com/privacy-and-security/safetynet/deprecation-timeline|website=Android Developers|language=en-US}} {{Retrieved|access-date=2023-10-06}} {{As of|2023|10|6|post=,}} Google expects to fully replace it with the Play Integrity API by the end of January 2025.{{cite web |title=Migrating from the SafetyNet Attestation API {{!}} Google Play |url=https://developer.android.com/google/play/integrity/migrate |website=Android Developers |language=en}} Like the SafetyNet APIs, the Play Integrity API is offered by Google Services and thus is not available on free Android environments (AOSP). Therefore, apps that require the API to be available may refuse to execute on AOSP builds.

References

{{Reflist}}