Sometimes you are making a secure App, and you do not want to run your App on insecure devices. To check whether the device is secure or not, Google Provides SafetyNet API with Google Play services. In this tutorial, we will make a sample app and use SafetyNet API to check the device security. We will test this app on secure and insecure devices.

The SafetyNet API returns two results. One for Basic Integrity and another one for CTS Profile match. If Basic Integrity is true, the device is not likely tampered. CTS profile match means this device matches with the device that passed Compatability Test Suite. The Basic Integrity is weaker that CTS profile match. If you need higher security, you can use only CTS profile match. Apps like Android Pay use CTS profile match since it requires the device to be most secure.

Follow the steps given below to enable SaftetyNet in Google cloud console and obtain API Key.

-> Open https://console.cloud.google.com

-> Create a new project and give a name of your choice.

-> Select API Manager from sliding menu and enable Android Device Verification API.

-> Select Credentials from the API Manager section. Then select Select Create credentials -> API Key

Now your API key will be created. Note down the key.

Here I have created an Android Studio project with package com.learn2crack.safetynet also Activity as MainActivity and layout as activity_main.

We need to add Google Play Services SafetyNet dependency to our build.gradle.

com.google.android.gms:play-services-safetynet:10.2.0

In addition to that, we need to add dependencies for Retrofit, CardView and Design support library.

apply plugin: 'com.android.application'

android {
    compileSdkVersion 25
    buildToolsVersion "25.0.2"
    defaultConfig {
        applicationId "com.learn2crack.safetynet"
        minSdkVersion 19
        targetSdkVersion 25
        versionCode 1
        versionName "1.0"
        testInstrumentationRunner "android.support.test.runner.AndroidJUnitRunner"
    }
    buildTypes {
        release {
            minifyEnabled false
            proguardFiles getDefaultProguardFile('proguard-android.txt'), 'proguard-rules.pro'
        }
    }

    packagingOptions {
        exclude 'META-INF/LICENSE'
    }
}

dependencies {
    compile fileTree(dir: 'libs', include: ['*.jar'])
    androidTestCompile('com.android.support.test.espresso:espresso-core:2.2.2', {
        exclude group: 'com.android.support', module: 'support-annotations'
    })
    compile 'com.android.support:appcompat-v7:25.2.0'
    compile 'com.android.support:cardview-v7:25.2.0'
    compile 'com.android.support:design:25.2.0'

    compile 'com.squareup.retrofit2:retrofit:2.2.0'
    compile 'com.squareup.retrofit2:converter-gson:2.2.0'

    compile 'com.google.android.gms:play-services-safetynet:10.2.0'

    testCompile 'junit:junit:4.12'
}

Add your API Key to res->values->strings.xml as,

<string name="api_key">Your API Key</string>

We need to add Internet permission in our AndroidManifest.xml

<uses-permission android:name="android.permission.INTERNET"/>

The API Key is set as metadata for the Activity.

<meta-data 
    android:name="com.google.android.safetynet.ATTEST_API_KEY"
    android:value="@string/api_key"/>

The  Color and Dimensions constants are defined as,

<?xml version="1.0" encoding="utf-8"?>
<resources>
    <color name="colorPrimary">#3F51B5</color>
    <color name="colorPrimaryDark">#303F9F</color>
    <color name="colorAccent">#2196F3</color>
    <color name="colorSuccess">#00C853</color>
    <color name="colorFailure">#ff5252</color>
</resources>

<resources>
    <!-- Default screen margins, per the Android Design guidelines. -->
    <dimen name="activity_horizontal_margin">16dp</dimen>
    <dimen name="activity_vertical_margin">16dp</dimen>
    <dimen name="card_elevation">2dp</dimen>
    <dimen name="card_corner_radius">2dp</dimen>
</resources>

Our layout has two CardView with ImageView and TextView to display results for Basic Integrity and CTS profile match. We also have a Floating Action Button at the bottom to start the test. A Progress Bar is added to display progress.

<?xml version="1.0" encoding="utf-8"?>
<RelativeLayout xmlns:android="http://schemas.android.com/apk/res/android"
    xmlns:tools="http://schemas.android.com/tools"
    xmlns:app="http://schemas.android.com/apk/res-auto"
    android:id="@+id/activity_main"
    android:layout_width="match_parent"
    android:layout_height="match_parent"
    android:paddingLeft="@dimen/activity_vertical_margin"
    android:paddingRight="@dimen/activity_vertical_margin"
    tools:context="com.learn2crack.safetynet.MainActivity">

    <android.support.v7.widget.CardView
        android:id="@+id/card_integrity"
        android:layout_width="match_parent"
        android:layout_height="wrap_content"
        android:layout_marginTop="@dimen/activity_vertical_margin"
        android:elevation="@dimen/card_elevation"
        android:visibility="invisible"
        app:cardCornerRadius="@dimen/card_corner_radius">

        <RelativeLayout
            android:layout_width="match_parent"
            android:layout_height="wrap_content">

            <TextView
                android:id="@+id/txt_title_integrity"
                android:layout_width="match_parent"
                android:layout_height="wrap_content"
                android:text="Basic Integrity"
                android:background="@color/colorPrimary"
                android:textStyle="bold"
                android:textAppearance="?android:attr/textAppearanceMedium"
                android:textColor="@android:color/white"
                android:textAlignment="center"
                android:padding="@dimen/activity_horizontal_margin"/>

            <ImageView
                android:id="@+id/img_integrity"
                android:layout_width="wrap_content"
                android:layout_height="wrap_content"
                android:layout_below="@+id/txt_title_integrity"
                android:layout_centerHorizontal="true"
                android:padding="16dp"/>

        </RelativeLayout>

    </android.support.v7.widget.CardView>

    <android.support.v7.widget.CardView
        android:id="@+id/card_cts"
        android:layout_width="match_parent"
        android:layout_height="wrap_content"
        android:layout_below="@+id/card_integrity"
        android:layout_marginTop="@dimen/activity_vertical_margin"
        android:elevation="@dimen/card_elevation"
        android:visibility="invisible"
        app:cardCornerRadius="@dimen/card_corner_radius">

        <RelativeLayout
            android:layout_width="match_parent"
            android:layout_height="wrap_content">

            <TextView
                android:id="@+id/txt_title_cts"
                android:layout_width="match_parent"
                android:layout_height="wrap_content"
                android:text="CTS Profile Match"
                android:textStyle="bold"
                android:textAppearance="?android:attr/textAppearanceMedium"
                android:background="@color/colorPrimary"
                android:textColor="@android:color/white"
                android:textAlignment="center"
                android:padding="@dimen/activity_horizontal_margin"/>

            <ImageView
                android:id="@+id/img_cts"
                android:layout_width="wrap_content"
                android:layout_height="wrap_content"
                android:layout_below="@+id/txt_title_cts"
                android:layout_centerHorizontal="true"
                android:padding="@dimen/activity_horizontal_margin"/>

        </RelativeLayout>

    </android.support.v7.widget.CardView>

    <ProgressBar
        android:id="@+id/progress"
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:layout_centerHorizontal="true"
        android:layout_centerVertical="true"
        android:visibility="gone"/>

    <android.support.design.widget.FloatingActionButton
        android:id="@+id/btn_proceed"
        android:layout_width="wrap_content"
        android:layout_height="wrap_content"
        android:src="@drawable/ic_forward"
        android:layout_centerHorizontal="true"
        android:layout_alignParentBottom="true"
        android:layout_marginBottom="@dimen/activity_vertical_margin"
        android:clickable="true"/>
</RelativeLayout>

We need to create three POJO classes.

SafetyNet API returns result in JWS (JSON Web Signature) format. So we decode JWS and store in JWS model class.

The next two classes are for Retrofit request and response. The JWSRequest class is for Retrofit request body. The Response class is for the Retrofit response.

These classes are created in the model package.

package com.learn2crack.safetynet.model;

import java.util.List;

public class JWS {

    private String nonce;
    private long timestampMs;
    private String apkPackageName;
    private String apkDigestSha256;
    private boolean ctsProfileMatch;
    private String extension;
    private List<String> apkCertificateDigestSha256;
    private boolean basicIntegrity;

    public String getNonce() {
        return nonce;
    }

    public long getTimestampMs() {
        return timestampMs;
    }

    public String getApkPackageName() {
        return apkPackageName;
    }

    public String getApkDigestSha256() {
        return apkDigestSha256;
    }

    public boolean isCtsProfileMatch() {
        return ctsProfileMatch;
    }

    public String getExtension() {
        return extension;
    }

    public List<String> getApkCertificateDigestSha256() {
        return apkCertificateDigestSha256;
    }

    public boolean isBasicIntegrity() {
        return basicIntegrity;
    }
}

package com.learn2crack.safetynet.model;

public class JWSRequest {

    private String signedAttestation;

    public void setSignedAttestation(String signedAttestation) {

        this.signedAttestation = signedAttestation;
    }
}

package com.learn2crack.safetynet.model;

public class Response {

    private boolean isValidSignature;

    public boolean isValidSignature() {
        return isValidSignature;
    }
}

After receiving JWS from SafetyNet API, we send back the response to Google API to validate the data. This is done to ensure the response came from SafetyNet API. We do that using Retrofit. A Retrofit Interface is created with getResult() method. We pass API Key as a Query parameter.

package com.learn2crack.safetynet.network;

import com.learn2crack.safetynet.model.JWSRequest;
import com.learn2crack.safetynet.model.Response;

import retrofit2.Call;
import retrofit2.http.Body;
import retrofit2.http.POST;
import retrofit2.http.Query;

public interface RetrofitInterface {

    @POST("verify")
    Call<Response> getResult(@Body JWSRequest request, @Query("key") String apiKey);
}

In the initViews() method we initialize all the widgets. The initClient() method initializes Google API Client with SafetyNet API. It has two callback methods onConnected() and onConnectionSuspended() method. The isConnected boolean is used to check whether the Google API client is connected or not.

The getRequestNonce() method is used to create a Cryptographic nonce. We use current system time as milliseconds as the nonce.

The startVerification() method is used to verify with SafetyNet API. We use attest() method for verification which takes API Client object and nonce. It returns SafetyNetApi.AttestationResult object. From that, we obtain JWS string using the getJwsResult() method.

Then we use verifyOnline() method to validate the received string using Retrofit. If the result is successfully validated, the JWS is decoded using decodeJWS() method. Finally, the results are displayed in CardView using displayResults() method.

package com.learn2crack.safetynet;

import android.support.annotation.NonNull;
import android.support.annotation.Nullable;
import android.support.design.widget.FloatingActionButton;
import android.support.v4.content.ContextCompat;
import android.support.v7.app.AppCompatActivity;
import android.os.Bundle;
import android.support.v7.widget.CardView;
import android.util.Base64;
import android.util.Log;
import android.view.View;
import android.widget.ImageView;
import android.widget.ProgressBar;
import android.widget.Toast;

import com.google.android.gms.common.api.GoogleApiClient;
import com.google.android.gms.common.api.ResultCallback;
import com.google.android.gms.common.api.Status;
import com.google.android.gms.safetynet.SafetyNet;
import com.google.android.gms.safetynet.SafetyNetApi;
import com.google.gson.Gson;
import com.learn2crack.safetynet.model.JWS;
import com.learn2crack.safetynet.model.JWSRequest;
import com.learn2crack.safetynet.model.Response;
import com.learn2crack.safetynet.network.RetrofitInterface;

import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.util.Random;

import retrofit2.Call;
import retrofit2.Callback;
import retrofit2.Retrofit;
import retrofit2.converter.gson.GsonConverterFactory;

public class MainActivity extends AppCompatActivity implements GoogleApiClient.ConnectionCallbacks {

    public static final String GOOGLE_API_VERIFY_URL = "https://www.googleapis.com/androidcheck/v1/attestations/";

    public static final String TAG = MainActivity.class.getSimpleName();

    private GoogleApiClient mGoogleApiClient;

    private boolean isConnected = false;

    private FloatingActionButton mButton;
    private CardView mCvIntegrity;
    private CardView mCvCTS;
    private ImageView mIvIntegrity;
    private ImageView mIvCTS;
    private ProgressBar mProgressBar;

    @Override
    protected void onCreate(Bundle savedInstanceState) {
        super.onCreate(savedInstanceState);
        setContentView(R.layout.activity_main);

        initViews();
        initClient();
    }

    private void initViews() {

        mButton = (FloatingActionButton) findViewById(R.id.btn_proceed);
        mCvIntegrity = (CardView) findViewById(R.id.card_integrity);
        mCvCTS = (CardView) findViewById(R.id.card_cts);
        mIvIntegrity = (ImageView) findViewById(R.id.img_integrity);
        mIvCTS = (ImageView) findViewById(R.id.img_cts);
        mProgressBar = (ProgressBar) findViewById(R.id.progress);

        mButton.setOnClickListener(new View.OnClickListener() {
            @Override
            public void onClick(View v) {

                if (isConnected) {

                    mCvCTS.setVisibility(View.INVISIBLE);
                    mCvIntegrity.setVisibility(View.INVISIBLE);
                    mProgressBar.setVisibility(View.VISIBLE);
                    startVerification();

                } else {

                    Toast.makeText(MainActivity.this, "Client not connected !", Toast.LENGTH_SHORT).show();
                }
            }
        });
    }

    private void initClient() {

        mGoogleApiClient = new GoogleApiClient.Builder(this)
                .addApi(SafetyNet.API)
                .addConnectionCallbacks(this)
                .build();

        mGoogleApiClient.connect();
    }

    @Override
    public void onConnected(@Nullable Bundle bundle) {

        Log.d(TAG, "onConnected: ");

        isConnected = true;

    }

    @Override
    public void onConnectionSuspended(int i) {

        isConnected = false;
    }

    private void startVerification() {

        final byte[] nonce = getRequestNonce();

        SafetyNet.SafetyNetApi.attest(mGoogleApiClient, nonce)
                .setResultCallback(new ResultCallback<SafetyNetApi.AttestationResult>() {
                    @Override
                    public void onResult(@NonNull SafetyNetApi.AttestationResult attestationResult) {

                        Status status = attestationResult.getStatus();

                        if (status.isSuccess()) {

                            String  jwsResult = attestationResult.getJwsResult();

                            verifyOnline(jwsResult);

                        } else {

                            mProgressBar.setVisibility(View.GONE);
                            Toast.makeText(MainActivity.this, "Error !", Toast.LENGTH_SHORT).show();
                        }
                    }
                });
    }

    private void verifyOnline(final String jws) {

        Retrofit retrofit = new Retrofit.Builder()
                .baseUrl(GOOGLE_API_VERIFY_URL)
                .addConverterFactory(GsonConverterFactory.create())
                .build();

        RetrofitInterface retrofitInterface = retrofit.create(RetrofitInterface.class);

        JWSRequest jwsRequest = new JWSRequest();
        jwsRequest.setSignedAttestation(jws);
        Call<Response> responseCall = retrofitInterface.getResult(jwsRequest, getString(R.string.api_key));

        responseCall.enqueue(new Callback<Response>() {
            @Override
            public void onResponse(Call<Response> call, retrofit2.Response<Response> response) {

                boolean result = response.body().isValidSignature();

                if (result) {

                    decodeJWS(jws);

                } else {

                    mProgressBar.setVisibility(View.GONE);
                    Toast.makeText(MainActivity.this, "Verification Error !", Toast.LENGTH_SHORT).show();
                }
            }

            @Override
            public void onFailure(Call<Response> call, Throwable t) {

                mProgressBar.setVisibility(View.GONE);
                Log.d(TAG, "onFailure: "+t.getLocalizedMessage());
                Toast.makeText(MainActivity.this, t.getLocalizedMessage(), Toast.LENGTH_SHORT).show();
            }
        });
    }

    private void decodeJWS(String jwsString) {

        byte[] json = Base64.decode(jwsString.split("[.]")[1],Base64.DEFAULT);
        String text = new String(json, StandardCharsets.UTF_8);

        Gson gson = new Gson();
        JWS jws = gson.fromJson(text, JWS.class);

        displayResults(jws.isBasicIntegrity(), jws.isCtsProfileMatch());
    }

    private byte[] getRequestNonce() {

        String data = String.valueOf(System.currentTimeMillis());

        ByteArrayOutputStream byteStream = new ByteArrayOutputStream();
        byte[] bytes = new byte[24];
        Random random = new Random();
        random.nextBytes(bytes);
        try {
            byteStream.write(bytes);
            byteStream.write(data.getBytes());
        } catch (IOException e) {
            return null;
        }

        return byteStream.toByteArray();
    }

    private void displayResults(boolean integrity, boolean cts) {

        mProgressBar.setVisibility(View.GONE);

        if (integrity) {

            mIvIntegrity.setImageResource(R.drawable.ic_check_circle_white);
            mCvIntegrity.setCardBackgroundColor(ContextCompat.getColor(this, R.color.colorSuccess));

        } else {

            mIvIntegrity.setImageResource(R.drawable.ic_error_white);
            mCvIntegrity.setCardBackgroundColor(ContextCompat.getColor(this, R.color.colorFailure));
        }

        mCvIntegrity.setVisibility(View.VISIBLE);

        if (cts) {

            mIvCTS.setImageResource(R.drawable.ic_check_circle_white);
            mCvCTS.setCardBackgroundColor(ContextCompat.getColor(this, R.color.colorSuccess));

        } else {

            mIvCTS.setImageResource(R.drawable.ic_error_white);
            mCvCTS.setCardBackgroundColor(ContextCompat.getColor(this, R.color.colorFailure));
        }

        mCvCTS.setVisibility(View.VISIBLE);
    }

}

Let’s see what SafetyNet returns for devices under different scenarios. The first result is returned for Android Emulator.

Android Emulator

The second result is returned for OnePlus One running a custom ROM.

OnePlus One running a custom ROM.

The third result is from Galaxy S6 running stock ROM.

Galaxy S6 running stock ROM.

You can download the complete project as zip or fork from our Github repository.

Stay tuned!

Enjoy coding 🙂