Additional code tampering protection for Android applications
- Aubrey Kilian
- Sharmeen Hussain
IMPORTANT NOTICE: The mobile SDK has been deprecated and no longer offered as an integration option in greenID. For alternative options, please contact your GBG account representative.
If clients want additional security and protection against code tampering of their Android applications, this page lists some suggested reading.
Android SafetyNet
Google's SafetyNet provides a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users.
Specifically, the SafetyNet Attestation API is of use to detect device and/or code tampering. Integrating the SafetyNet Attestation API requires several steps, including server-side code to verify certain values returned from Google's services.
The Android website has a handy checklist to verify all required steps to integrate the Attestation API were completed.
The SafetyNet Attestation API needs to be integrated into a client's application, and cannot be integrated into the greenID Mobile SDK, as the interaction between the application+device and Google's services, is linked to the application itself.
Additional reading
The following websites were found to have useful information on additional tamper detection methods inside Android applications: