This page presents a checklist to ensure that you've completed each of the steps needed to integrate the SafetyNet Attestation API into your app.
Before submitting a quota increase request, make sure you've addressed each of the steps listed on this page.
Checklist Version: June 2018
App name: __________________________________________ | Version: _________________________ |
Checked by: _________________________________________ | Date: ____________________________ |
Checklist Questions | |
---|---|
1. Did you apply for an API key, and is the key used in your app? | |
2. Does the app use SafetyNetClient, instead of the deprecated SafetyNetApi? | |
3. Does the app verify that the latest version of Google Play services is installed? | |
4. Are you creating and using large (16 bytes or longer) random nonces on your server with a cryptographically secure random generator? | |
5. Are you verifying the results of the API on a server that you control? | |
6. Did you implement a JWS signature validator in your own server, such as the one in the code samples we offer? | |
7. Did you make sure you are not using the Android Device Verification API to validate response messages, as it is meant for test purposes only? | |
8. Does your server verify the nonce, timestamp, APK name, and APK signing certificate hash included in the attestation response? | |
9. Do you understand the difference between ctsProfileMatch and basicIntegrity? | |
10. Does your server use other signals in addition to SafetyNet to detect abuse? | |
11. Does your app work even if SafetyNet doesn't work because of connection, quota, or other transient errors? | |
12. Does your app handle transient errors by retrying the request with an increasing amount of time between retries (exponential backoff)? | |
13. Do you have a system in place that monitors your quota usage and lets you know if you are close to exceeding it? | |
14. Do you know the process of getting a quota increase? | |
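
A server-side sketch of checklist items 4 and 8, added here as an example and not taken from the SafetyNet code samples. It assumes the JWS signature was already validated (item 6) and that the decoded payload uses the field names `nonce`, `timestampMs`, `apkPackageName` and `apkCertificateDigestSha256`; the freshness window and the policy of requiring both verdicts are assumptions to adjust for your service.

```python
import base64
import hmac
import secrets
import time

NONCE_BYTES = 32            # item 4: 16 bytes or longer
MAX_AGE_MS = 5 * 60 * 1000  # assumed freshness window, not a documented value


def new_nonce() -> bytes:
    """Create a nonce with a CSPRNG; store it server-side and accept it once."""
    return secrets.token_bytes(NONCE_BYTES)


def check_attestation(payload, expected_nonce, expected_package,
                      expected_cert_sha256, now_ms=None):
    """Return the names of failed checks; an empty list means all passed."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    failures = []

    # Nonce must be the one this server issued (constant-time comparison).
    try:
        got_nonce = base64.b64decode(payload.get("nonce", ""), validate=True)
    except (ValueError, TypeError):
        got_nonce = b""
    if not hmac.compare_digest(got_nonce, expected_nonce):
        failures.append("nonce")

    # Timestamp must fall inside the freshness window (limits replay).
    ts = payload.get("timestampMs")
    if not isinstance(ts, int) or abs(now_ms - ts) > MAX_AGE_MS:
        failures.append("timestamp")

    # APK name and signing-certificate hash must match your release build.
    if payload.get("apkPackageName") != expected_package:
        failures.append("apkPackageName")
    expected_digest = base64.b64encode(expected_cert_sha256).decode()
    if payload.get("apkCertificateDigestSha256") != [expected_digest]:
        failures.append("apkCertificateDigestSha256")

    # Verdicts must be explicitly True; a missing field counts as a failure.
    for verdict in ("basicIntegrity", "ctsProfileMatch"):
        if payload.get(verdict) is not True:
            failures.append(verdict)
    return failures
```

Treat the returned list as one signal among others (item 10) rather than a sole allow/deny decision.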