Devices with a system image built directly from the Android Open Source Program source files.
"apkDigestSha256 ": "base64 encoded, SHA-256 hash of the app's APK ", The following is a sample attestation result: These parameters are absent if the API cannot reliably determine the APK information. apkPackageName, apkCertificateDigestSha256, apkDigestSha256: Provide information about the APK, which is used to verify the identity of the calling app.A delayed response may suggest suspicious activity. timestampMs: To check how much time has passed since you made the request and you got the response.nonces: To match the response to its request.basicIntegrity: If 'true', the device running the app likely hasn't been tampered with.ctsProfileMatch: If 'true', the device profile matches one of Google's listed devices.To use the API, an app may call the SafetyNetApi.attest method (which returns a JWS message with the Attestation Result) and then check the following fields: An analysis by John Kozyrakis showed that SafetyNet also attempts to detect whether the device is rooted, but exactly how that's determined is unclear.
When you call this API, SafetyNet downloads a binary package containing the device validation code provided from Google, and the code is then dynamically executed via reflection. How exactly SafetyNet works is not well documented and may change at any time. Google recommends using the feature as "an additional in-depth defense signal as part of an anti-abuse system". This profile is then compared to a list of accepted device models that have passed Android compatibility testing.
SafetyNet is an Android API that provides a set of services and creates profiles of devices according to software and hardware information. Root detection can also be implemented through libraries such as RootBeer. You'll find some of these methods implemented in the crackme examples that accompany the OWASP Mobile Testing Guide. In the following section, we list some common root detection methods you'll encounter. Like most other defenses, root detection is not very effective by itself, but implementing multiple root checks that are scattered throughout the app can improve the effectiveness of the overall anti-tampering scheme.įor Android, we define "root detection" a bit more broadly, including custom ROMs detection, i.e., determining whether the device is a stock Android build or a custom build. In the context of anti-reversing, the goal of root detection is to make running the app on a rooted device a bit more difficult, which in turn blocks some of the tools and techniques reverse engineers like to use. Android Anti-Reversing Defenses Testing Root Detection (MSTG-RESILIENCE-1) Overview