44CON 2017 has ended
Back To Schedule
Friday, September 15 • 11:00 - 11:59
Colin Mulliner - Inside Android’s SafetyNet Attestation: What it can and can’t do lessons learned from a large scale deployment

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

There are many reasons for protecting your mobile applications against modification and tampering. Until recently you had to use third party tools or implemented your own app integrity checks and device rooting checks. Today you can use Android’s SafetyNet Attestation infrastructure to ensure the integrity of your application and the user’s device. Unfortunately, SafetyNet Attestation is not well documented by Google.

This talk provides a deep dive into SafetyNet Attestation. We show what level of attestation SafetyNet provides and what it can’t do. The talk is based on the lessons learned from implementing SafetyNet Attestation for an app with a large install base. We turned SafetyNet upside down to find its flaws and shortcomings. This talk will provide you with everything you need to know about Android’s SafetyNet Attestation and will help you to implement and use it in your app.


Friday September 15, 2017 11:00 - 11:59 BST
*Track 1*

Attendees (5)