This page presents a checklist to ensure that you've completed each of the steps needed to integrate the SafetyNet Attestation API into your app.
Before submitting a quota increase request, make sure you've addressed each of the steps listed on this page.
Checklist Version: June 2018
| App name: __________________________________________ | Version: _________________________ |
| Checked by: _________________________________________ | Date: ____________________________ |
| Checklist Questions | |
|---|---|
| 1. Did you apply for an API key, and is the key used in your app? | |
2. Does the app use
SafetyNetClient, instead of the deprecated
SafetyNetApi?
|
|
| 3. Does the app verify that the latest version of Google Play services is installed? | |
| 4. Are you creating and using large (16 bytes or longer) random nonces on your server with a cryptographically secure random generator? | |
| 5. Are you verifying the results of the API on a server that you control? | |
| 6. Did you implement a JWS signature validator in your own server, such as the one in the code samples we offer? | |
| 7. Did you make sure you are not using the Android Device Verification API to validate response messages, as it is meant for test purposes only? | |
| 8. Does your server verify the nonce, timestamp, APK name, and APK signing certificate hash included in the attestation response? | |
9. Do you understand the
difference
between ctsProfileMatch and basicIntegrity?
|
|
| 10. Does your server use other signals in addition to SafetyNet to detect abuse? | |
| 11. Does your app work even if SafetyNet doesn't work because of connection, quota, or other transient errors? | |
| 12. Does your app handle transient errors by retrying the request with an increasing amount of time between retries (exponential backoff)? | |
| 13. Do you have a system in place that monitors your quota usage and lets you know if you are close to exceeding it? | |
| 14. Do you know the process of getting a quota increase? | |