跳转到相应内容

最常访问

最近访问

navigation

SafetyNet Verify Apps API

The SafetyNet Verify Apps API allows your app to interact programmatically with the Verify Apps feature on a device, protecting the device against potentially harmful apps.

If your app handles sensitive user data, such as financial information, you should confirm that the current device is protected against malicious apps and is free of apps which may impersonate it or perform other malicious actions. If the security of the device doesn't meet the minimum security posture, you can disable functionality within your own app to reduce the danger to the user.

As part of its continuing commitment to make the Android ecosystem as safe as possible, Google monitors and profiles the behavior of Android apps. If the Verify Apps feature detects a potentially dangerous app, all users who have installed the app are notified and encouraged to promptly uninstall the app. This process protects the security and privacy of these users.

The SafetyNet Verify Apps API allows you to leverage this feature to protect your app's data. By using this API, you can determine whether a user's device is protected by the Verify Apps feature, encourage users not already using the feature to opt in to its protection, and identify any known potentially harmful apps that are installed on the device.

Caution: Although SafetyNet alerts users of potentially harmful apps, some users choose not to uninstall these apps, or they don't see the warning notification. Therefore, a device could have potentially harmful apps installed, even when the Verify Apps feature is enabled.

Additional Terms of Service

By accessing or using the SafetyNet APIs, you agree to the Google APIs Terms of Service, and to these Additional Terms. Please read and understand all applicable terms and policies before accessing the APIs.

Verify Apps API Terms of Service

The analyses of apps that identify potential harmful apps may yield both false positives and false negatives. The results (or lack thereof) returned from this API suite are presented to the best of our understanding. You acknowledge and understand that the results returned by this SafetyNet API suite are not guaranteed to be accurate at all times.

Enabling app verification

The SafetyNet Verify Apps API provides two methods for enabling the Verify Apps feature. You can determine whether app verification is enabled using isVerifyAppsEnabled(), and you can request enabling of app verification using enableVerifyApps().

The difference between these two methods is that while isVerifyAppsEnabled() reports the current status of the Verify Apps feature, enableVerifyApps() explicitly asks the user for consent to use the feature. If you want your app to just be aware of the feature's status to make a security-driven decision, your app should call isVerifyAppsEnabled(). However, if you want to be sure that your app can list potentially harmful installed apps, you should call enableVerifyApps() instead.

Determine whether app verification is enabled

The asynchronous isVerifyAppsEnabled() method allows your app to determine whether the user is enrolled in the Verify Apps feature. This method returns a VerifyAppsUserResult object, which contains information regarding all actions that the user has taken related to the Verify Apps feature, including enabling it.

The following code snippet shows how to create the callback associated with this method:

SafetyNet.getClient(this)
    .isVerifyAppsEnabled()
    .addOnCompleteListener(new OnCompleteListener<VerifyAppsUserResponse>() {
        @Override
        public void onComplete(Task<VerifyAppsUserResponse> task) {
            if (task.isSuccessful()) {
                VerifyAppsUserResponse result = task.getResult();
                if (result.isVerifyAppsEnabled()) {
                    Log.d("MY_APP_TAG", "The Verify Apps feature is enabled.");
                } else {
                    Log.d("MY_APP_TAG", "The Verify Apps feature is disabled.");
                }
            } else {
                Log.e("MY_APP_TAG", "A general error occurred.");
            }
        }
    });

Request enabling of app verification

The asynchronous enableVerifyApps() method allows your app to invoke a dialog requesting that the user enable the Verify Apps feature. This method returns a VerifyAppsUserResult object, which contains information regarding all actions that the user has taken related to the Verify Apps feature, including whether they've given consent to enable it.

The following code snippet shows how to create the callback associated with this method:

SafetyNet.getClient(this)
    .enableVerifyApps()
    .addOnCompleteListener(new OnCompleteListener<VerifyAppsUserResponse>() {
        @Override
        public void onComplete(Task<VerifyAppsUserResponse> task) {
            if (task.isSuccessful()) {
                VerifyAppsUserResponse result = task.getResult();
                if (result.isVerifyAppsEnabled()) {
                    Log.d("MY_APP_TAG", "The user gave consent " +
                          "to enable the Verify Apps feature.");
                } else {
                    Log.d("MY_APP_TAG", "The user didn't give consent " +
                          "to enable the Verify Apps feature.");
                }
            } else {
                Log.e("MY_APP_TAG", "A general error occurred.");
            }
        }
    });

Your app can encounter several corner cases when using this method:

Listing potentially harmful installed apps

The asynchronous listHarmfulApps() method allows you to obtain a list of any known potentially harmful apps that the user has installed on their device. This list includes categories for the identified potentially harmful apps so that your app can take appropriate action.

The following code snippet shows how to create the callback associated with this method:

SafetyNet.getClient(this)
    .listHarmfulApps()
    .addOnCompleteListener(new OnCompleteListener<HarmfulAppsResponse>() {
        @Override
        public void onComplete(Task<HarmfulAppsResponse> task) {
            Log.d(TAG, "Received listHarmfulApps() result");

            if (task.isSuccessful()) {
                HarmfulAppsResponse result = task.getResult();
                long scanTimeMs = result.getLastScanTimeMs();

                List<HarmfulAppsData> appList = result.getHarmfulAppsList();
                if (appList.isEmpty()) {
                    Log.d("MY_APP_TAG", "There are no known " +
                          "potentially harmful apps installed.");
                } else {
                    Log.e("MY_APP_TAG",
                          "Potentially harmful apps are installed!");

                    for (HarmfulAppsData harmfulApp : appList) {
                        Log.e("MY_APP_TAG", "Information about a harmful app:");
                        Log.e("MY_APP_TAG",
                              "  APK: " + harmfulApp.apkPackageName);
                        Log.e("MY_APP_TAG",
                              "  SHA-256: " + harmfulApp.apkSha256);

                        // Categories are defined in VerifyAppsConstants.
                        Log.e("MY_APP_TAG",
                              "  Category: " + harmfulApp.apkCategory);
                    }
                }
            } else {
                Log.d("MY_APP_TAG", "An error occurred. " +
                      "Call isVerifyAppsEnabled() to ensure " +
                      "that the user has consented.");
            }
        }
    });
此网站会使用 Cookie 来存储您在此网站上指定的语言和显示选项偏好设置。

获取最新的 Android Developers 资讯和提示,助您在 Google Play 上取得成功。

* 必填字段

成功!

在微信上关注 Google Developers

要以浏览此网站吗?

您请求访问的是网页,但是您为此网站设置的语言偏好为

要更改您的语言偏好设置并以浏览此网站吗?如果以后您想要更改语言偏好设置,请使用每个页面底部的语言菜单。

该类需要 或更高的 API 级别

此文档已被隐藏,因为您为该文档选择的 API 级别是 。您可以使用左侧导航栏上方的选择器来更改文档的 API 级别。

要详细了解如何根据您的应用需求指定 API 级别,请参阅支持不同平台版本

Take a short survey?
Help us improve the Android developer experience. (April 2018 — Developer Survey)