Zum Inhalt springen

How SafetyNet Attestation APIs Help Combat Security Threats

Jun 26, 2020 | 42Gears Team


Given the millions of devices running Android and the numerous variants of Android Open Source Projects (AOSP) running on these devices, the Android platform is inherently  vulnerable to security threats posed by malicious apps, harmful code, device tampering, and more. The very same threats also make it difficult for enterprises to ensure that every version of the platform being used in the organization is secure.

SafetyNet is one of several features and programs that Google offers for developers and OEM vendors as part of its continued efforts to bolster Android security.

The SafetyNet APIs offered by Google provide an extra layer of security to Android devices against unsecured apps or content.

Developers integrate SafetyNet APIs into their apps to make them more secure. These APIs check the device’s hardware/software level and determine if it has any malicious content, apps or codes, if it has been tampered, and whether or not it is interacting with genuine apps.

SafetyNet Attestation APIs

SafetyNet APIs are designed to check if a device is rooted by a user, has malicious content or code, is running a custom ROM, and more.

The Attestation APIs check two important things – the Basic Integrity of the device (if factory settings have been modified) and if the device has failed the Compatibility Test Suite (CTS).

All Google certified devices need to pass the CTS compatibility test. SafetyNet Attestation APIs check if devices have passed the CTS or not. Any tampering with the device, such as rooting the device, unlocking the bootloader, running a custom ROM, or installing malware will make the device fail the CTS compatibility test.

How it works

Google Play Services runs a background service on Android devices by default. This service collects information from each device and sends it to Google on a regular basis. By analyzing this data, Google determines if the device is secure (if it has been tampered with, factory settings have been modified, or it has failed the CTS compatibility test).

An insecure device will cause the SafetyNet to trip.

Once this happens, whenever an app calls the SafetyNet Attestation APIs using Google SDK, it receives a data-based response. The application can then analyze the response to deduce if the device has been tampered with or  is CTS compliant.

So next time when you see an app not responding on a rooted device, it may be because of the SafetyNet APIs. Even if apps do open on such a device, many will not allow users to perform regular tasks.

42Gears Mobility Systems has integrated SafetyNet Attestation APIs with its UEM solution to offer customers better visibility into the security and health of their devices.

For more information on SureMDM, the 42Gears UEM solution, click here.

Are you looking for ways to secure your Android enterprise devices?


Subscribe for our free newsletter

Thank you! you are successfully subscribed.

Exclusive News and Updates on Enterprise Mobility!

* I consent to receive newsletters via email from 42Gears and its Affiliates.
Please agree
* I have reviewed and agreed to 42Gears Privacy Policy and Terms of Use prior to subscribing and understand that I may change my preference or unsubscribe at any time.
Please agree
Please verify captcha
Please enter a valid official email