Skip to content

Most visited

Recently visited

navigation

SafetyNet Verify Apps API

The SafetyNet Verify Apps API allows your app to interact programmatically with the Verify Apps feature on a device, protecting the device against potentially harmful apps.

If your app handles sensitive user data, such as financial information, you should confirm that the current device is protected against malicious apps and is free of apps which may impersonate it or perform other malicious actions. If the security of the device doesn't meet the minimum security posture, you can disable functionality within your own app to reduce the danger to the user.

As part of its continuing commitment to make the Android ecosystem as safe as possible, Google monitors and profiles the behavior of Android apps. If the Verify Apps feature detects a potentially dangerous app, all users who have installed the app are notified and encouraged to promptly uninstall the app. This process protects the security and privacy of these users.

The SafetyNet Verify Apps API allows you to leverage this feature to protect your app's data. By using this API, you can determine whether a user's device is protected by the Verify Apps feature, encourage users not already using the feature to opt in to its protection, and identify any known potentially harmful apps that are installed on the device.

Caution: Although SafetyNet alerts users of potentially harmful apps, some users choose not to uninstall these apps, or they don't see the warning notification. Therefore, a device could have potentially harmful apps installed, even when the Verify Apps feature is enabled.

Additional Terms of Service

By accessing or using the SafetyNet APIs, you agree to the Google APIs Terms of Service, and to these Additional Terms. Please read and understand all applicable terms and policies before accessing the APIs.

Verify Apps API Terms of Service

The analyses of apps that identify potential harmful apps may yield both false positives and false negatives. The results (or lack thereof) returned from this API suite are presented to the best of our understanding. You acknowledge and understand that the results returned by this SafetyNet API suite are not guaranteed to be accurate at all times.

Enabling app verification

The SafetyNet Verify Apps API provides two methods for enabling the Verify Apps feature. You can determine whether app verification is enabled using isVerifyAppsEnabled(), and you can request enabling of app verification using enableVerifyApps().

The difference between these two methods is that while isVerifyAppsEnabled() reports the current status of the Verify Apps feature, enableVerifyApps() explicitly asks the user for consent to use the feature. If you want your app to just be aware of the feature's status to make a security-driven decision, your app should call isVerifyAppsEnabled(). However, if you want to be sure that your app can list potentially harmful installed apps, you should call enableVerifyApps() instead.

Determine whether app verification is enabled

The asynchronous isVerifyAppsEnabled() method allows your app to determine whether the user is enrolled in the Verify Apps feature. This method returns a VerifyAppsUserResult object, which contains information regarding all actions that the user has taken related to the Verify Apps feature, including enabling it.

The following code snippet shows how to create the callback associated with this method:

SafetyNet.getClient(this)
    .isVerifyAppsEnabled()
    .addOnCompleteListener(new OnCompleteListener<VerifyAppsUserResponse>() {
        @Override
        public void onComplete(Task<VerifyAppsUserResponse> task) {
            if (task.isSuccessful()) {
                VerifyAppsUserResponse result = task.getResult();
                if (result.isVerifyAppsEnabled()) {
                    Log.d("MY_APP_TAG", "The Verify Apps feature is enabled.");
                } else {
                    Log.d("MY_APP_TAG", "The Verify Apps feature is disabled.");
                }
            } else {
                Log.e("MY_APP_TAG", "A general error occurred.");
            }
        }
    });

Request enabling of app verification

The asynchronous enableVerifyApps() method allows your app to invoke a dialog requesting that the user enable the Verify Apps feature. This method returns a VerifyAppsUserResult object, which contains information regarding all actions that the user has taken related to the Verify Apps feature, including whether they've given consent to enable it.

The following code snippet shows how to create the callback associated with this method:

SafetyNet.getClient(this)
    .enableVerifyApps()
    .addOnCompleteListener(new OnCompleteListener<VerifyAppsUserResponse>() {
        @Override
        public void onComplete(Task<VerifyAppsUserResponse> task) {
            if (task.isSuccessful()) {
                VerifyAppsUserResponse result = task.getResult();
                if (result.isVerifyAppsEnabled()) {
                    Log.d("MY_APP_TAG", "The user gave consent " +
                          "to enable the Verify Apps feature.");
                } else {
                    Log.d("MY_APP_TAG", "The user didn't give consent " +
                          "to enable the Verify Apps feature.");
                }
            } else {
                Log.e("MY_APP_TAG", "A general error occurred.");
            }
        }
    });

Your app can encounter several corner cases when using this method:

Listing potentially harmful installed apps

The asynchronous listHarmfulApps() method allows you to obtain a list of any known potentially harmful apps that the user has installed on their device. This list includes categories for the identified potentially harmful apps so that your app can take appropriate action.

The following code snippet shows how to create the callback associated with this method:

SafetyNet.getClient(this)
    .listHarmfulApps()
    .addOnCompleteListener(new OnCompleteListener<HarmfulAppsResponse>() {
        @Override
        public void onComplete(Task<HarmfulAppsResponse> task) {
            Log.d(TAG, "Received listHarmfulApps() result");

            if (task.isSuccessful()) {
                HarmfulAppsResponse result = task.getResult();
                long scanTimeMs = result.getLastScanTimeMs();

                List<HarmfulAppsData> appList = result.getHarmfulAppsList();
                if (appList.isEmpty()) {
                    Log.d("MY_APP_TAG", "There are no known " +
                          "potentially harmful apps installed.");
                } else {
                    Log.e("MY_APP_TAG",
                          "Potentially harmful apps are installed!");

                    for (HarmfulAppsData harmfulApp : appList) {
                        Log.e("MY_APP_TAG", "Information about a harmful app:");
                        Log.e("MY_APP_TAG",
                              "  APK: " + harmfulApp.apkPackageName);
                        Log.e("MY_APP_TAG",
                              "  SHA-256: " + harmfulApp.apkSha256);

                        // Categories are defined in VerifyAppsConstants.
                        Log.e("MY_APP_TAG",
                              "  Category: " + harmfulApp.apkCategory);
                    }
                }
            } else {
                Log.d("MY_APP_TAG", "An error occurred. " +
                      "Call isVerifyAppsEnabled() to ensure " +
                      "that the user has consented.");
            }
        }
    });
This site uses cookies to store your preferences for site-specific language and display options.

Get the latest Android developer news and tips that will help you find success on Google Play.

* Required Fields

Hooray!

Browse this site in ?

You requested a page in , but your language preference for this site is .

Would you like to change your language preference and browse this site in ? If you want to change your language preference later, use the language menu at the bottom of each page.

This class requires API level or higher

This doc is hidden because your selected API level for the documentation is . You can change the documentation API level with the selector above the left navigation.

For more information about specifying the API level your app requires, read Supporting Different Platform Versions.

Take a one-minute survey?
Help us improve Android tools and documentation.