Google is committed to advancing racial equity for Black communities. See how.

SafetyNetClient

public class SafetyNetClient extends GoogleApi<Api.ApiOptions.NoOptions>

The main entry point for SafetyNet.

Public Method Summary

Task<SafetyNetApi.AttestationResponse>
attest(byte[] nonce, String apiKey)
Provides attestation results for the device.
Task<SafetyNetApi.VerifyAppsUserResponse>
enableVerifyApps()
Prompts the user to enable Verify Apps if it is currently turned off.
Task<Void>
initSafeBrowsing()
Initializes the Safe Browsing API.
Task<SafetyNetApi.VerifyAppsUserResponse>
isVerifyAppsEnabled()
Determines whether Verify Apps is enabled.
Task<SafetyNetApi.HarmfulAppsResponse>
listHarmfulApps()
Gets a list of known, potentially harmful apps installed.
Task<SafetyNetApi.SafeBrowsingResponse>
lookupUri(String uri, String apiKey, int... threatTypes)
Checks whether a URI is known to have specific threats.
Task<Void>
shutdownSafeBrowsing()
Safely shuts down the Safe Browsing API, releasing a resources from the system.
Task<SafetyNetApi.RecaptchaTokenResponse>
verifyWithRecaptcha(String siteKey)
Provides user attestation with reCAPTCHA.

Inherited Method Summary

Public Methods

public Task<SafetyNetApi.AttestationResponse> attest (byte[] nonce, String apiKey)

Provides attestation results for the device.

An attestation result states whether the device where it is running matches the profile of a device that has passed Android compatibility testing.

When you request a compatibility check, you must provide a nonce, which is a random token generated in a cryptographically secure manner. You can obtain a nonce by generating one within your app each time you make a compatibility check request. As a more secure option, you can obtain a nonce from your own server, using a secure connection.

A nonce used with an attestation request should be at least 16 bytes in length. After you make a request, the response SafetyNetApi.AttestationResponse includes your nonce, so you can verify it against the one you sent. You should only use a nonce value once, for a single request. Use a different nonce for any subsequent attestation requests. For tips on using cryptography functions, see Security Tips.

Parameters
nonce A cryptographic nonce used for anti-replay and tracking of requests.
apiKey An Android API key obtained through the developer console.

public Task<SafetyNetApi.VerifyAppsUserResponse> enableVerifyApps ()

Prompts the user to enable Verify Apps if it is currently turned off.

public Task<Void> initSafeBrowsing ()

Initializes the Safe Browsing API.

This method must be called prior to calling lookupUri(String, String, int...).

public Task<SafetyNetApi.VerifyAppsUserResponse> isVerifyAppsEnabled ()

Determines whether Verify Apps is enabled.

public Task<SafetyNetApi.HarmfulAppsResponse> listHarmfulApps ()

Gets a list of known, potentially harmful apps installed.

public Task<SafetyNetApi.SafeBrowsingResponse> lookupUri (String uri, String apiKey, int... threatTypes)

Checks whether a URI is known to have specific threats.

Parameters
uri A String that represents the URI that should be looked up.
apiKey
threatTypes integers from SafeBrowsingThreat to indicate that the URI should be queried for these threat types.

public Task<Void> shutdownSafeBrowsing ()

Safely shuts down the Safe Browsing API, releasing a resources from the system.

This method should be called when the client is no longer using the API, which includes when the client's Activity is no longer visible.

public Task<SafetyNetApi.RecaptchaTokenResponse> verifyWithRecaptcha (String siteKey)

Provides user attestation with reCAPTCHA.

If reCAPTCHA is confident that this is a real user on a real device it will return a token with no challenge. Otherwise it will provide a visual/audio challenge to attest the humanness of the user before returning a token.

Parameters
siteKey A site public key registered for this app at //g.co/recaptcha/androidsignup