Upgrade to Pro — share decks privately, control downloads, hide ads and more …

We all need some Safety net...

Yossi Elkrief
December 28, 2017
Programming
0
100

We all need some Safety net...

Android Safety net talk on Droidcon 2017 with some slides shown at Google cloud next 2017

Yossi Elkrief

December 28, 2017
Tweet

More Decks by Yossi Elkrief

See All by Yossi Elkrief
From data to View
matrixy
0
83
Android Memory , Where is all My RAM
matrixy
0
83
Android Marshmallow demos
matrixy
0
30
DroidCon TLV 2015 - Hey android, mirror mirror all day long
matrixy
0
53
Gdg android design for ui developers
matrixy
0
30
Fragments anyone ?
matrixy
0
26

Other Decks in Programming

See All in Programming
CSC509 Lecture 09
javiergs
PRO
0
140
Generative AI Use Cases JP (略称:GenU)奮闘記
hideg
1
300
Functional Event Sourcing using Sekiban
tomohisa
0
100
Amazon Qを使ってIaCを触ろう!
maruto
0
420
よくできたテンプレート言語として TypeScript + JSX を利用する試み / Using TypeScript + JSX outside of Web Frontend #TSKaigiKansai
izumin5210
6
1.8k
Less waste, more joy, and a lot more green: How Quarkus makes Java better
hollycummins
0
100
Duckdb-Wasmでローカルダッシュボードを作ってみた
nkforwork
0
130
Laravel や Symfony で手っ取り早く
OpenAPI のドキュメントを作成する
azuki
2
120
카카오페이는 어떻게 수천만 결제를 처리할까? 우아한 결제 분산락 노하우
kakao
PRO
0
110
OSSで起業してもうすぐ10年 / Open Source Conference 2024 Shimane
furukawayasuto
0
110
Figma Dev Modeで変わる!Flutterの開発体験
watanave
0
150
AI時代におけるSRE、
あるいはエンジニアの生存戦略
pyama86
6
1.2k

Featured

See All Featured
Git: the NoSQL Database
bkeepers
PRO
427
64k
Building a Modern Day 
E-commerce SEO Strategy
aleyda
38
6.9k
10 Git Anti Patterns You Should be Aware of
lemiorhan
655
59k
Speed Design
sergeychernyshev
25
620
Dealing with People You Can't Stand - Big Design 2015
cassininazir
364
24k
The Invisible Side of Design
smashingmag
298
50k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
109
49k
Site-Speed That Sticks
csswizardry
0
31
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
93
16k
How STYLIGHT went responsive
nonsquared
95
5.2k
Building a Scalable Design System with Sketch
lauravandoore
459
33k
StorybookのUI Testing Handbookを読んだ
zakiyama
27
5.3k

Transcript

  1. None

  2. We all need some Safety net… Yossi Elkrief Mobile Lead,

    StreamElements twitter @elkriefy
  3. None

  4. ! Detecting abuse. ! Uses Google's APIs

  5. None

  6. SafetyNet Protecting Android users
 applying data driven security apps and

    services
  7. None
  8. None
  9. None
  10. None
  11. None
  12. None
  13. None
  14. None
  15. None

  16. Verify Apps

  17. None
  18. None
  19. None

  20. val verifyAppsEnabled = SafetyNet.getClient(this) .isVerifyAppsEnabled A }E

  21. val verifyAppsEnabled = SafetyNet.getClient(this) .isVerifyAppsEnabled A verifyAppsEnabled.addOnCompleteListener { task ->

    if (task.isSuccessful) {B val result = task.result if (result.isVerifyAppsEnabled) { Log.d(TAG, "The Verify Apps feature is enabled.") } else {C Log.d(TAG, "The Verify Apps feature is disabled.") } } else { Log.e(TAG, "A general error occurred.") }D }E

  22. val enableVerifyApps = SafetyNet.getClient(this) .enableVerifyApps() A }C

  23. val enableVerifyApps = SafetyNet.getClient(this) .enableVerifyApps() A enableVerifyApps.addOnCompleteListener { task ->

    if (task.isSuccessful) {B val result = task.result if (result.isVerifyAppsEnabled) { //DO Something user agreed } else { //DO Something user declined } } else { //DO Something general error }}C
  24. None
  25. None
  26. None
  27. None
  28. None
  29. None
  30. None

  31. Let’s add SafetyNet Attestation API into our app!

  32. val nonceData = "Droidcon IL Safety Net Sample: " +

    System.currentTimeMillis() val nonce = getRequestNonce(nonceData) val client = SafetyNet.getClient(this) val task = client.attest(nonce!!, BuildConfig.API_KEY) task.addOnSuccessListener(this, mSuccessListener) .addOnFailureListener(this, mFailureListener)

  33. MaTriXy/SafetyNetSample

  34. Sucessfully verified the signature of the attestation statement. The content

    of the attestation statement is: Nonce: [-54, 55, 98, -78, 80, 81, -113, 126, -58, 122, -91, 86, 61, 35, -63, -90, 122, 20, -44, 73, 17, -4, 82, 33, 83, 97, 102, 101, 116, 121, 32, 78, 101,116, 32, 83, 97, 109, 112, 108, 101, 58, 32, 49, 53, 49, 52, 50, 48, 57, 49, 57, 51, 56, 48, 54] Timestamp: 1514209197260 ms Result

  35. APK package name: com.elkriefy.apps.android.safetynetsample APK digest SHA256: [-91, 2, -17,

    -32, 78, -93, 75, 84, 94, 82, 116, 37 , -103,-98, 49, -77, -89, 8, -118, -120, -42, 34, -67, -61, -39, 109, 104, -71, -32, 62, 71, -46] CTS profile match: true Basic integrity match: true Result ctd..
  36. None

  37. Determine whether a URL a known threat.

  38. Determine whether a URL a known threat. Choose threat types

    important for your needs.

  39. //Init safeBrowsing Tasks.await(SafetyNet.getClient(this@MainActivity).initSafeBrowsing())

  40. initSafeBrowsing() Wait to Finish //Init safeBrowsing Tasks.await(SafetyNet.getClient(this@MainActivity).initSafeBrowsing())

  41. //ShutDown Safe Browsing... SafetyNet.getClient(this).shutdownSafeBrowsing()

  42. reCAPTCHA API

  43. None

  44. Thank You!