Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Android SafetyNet API fails when using API key restriction

When setting restriction to an API key the Attestation API stops working: OnFailureListener gets fired with the CANCELLED(16) status code

The restrictions are the android package name and the certificate signature(SHA-1)

enter image description here

Does the SafetyNet Attestation API support restricted API keys ?

Note: the same API key with the additional restriction works fine with Google Maps API

UPDATE: On devices running Google Play Services v13.0 and above, the SafetyNet Attestation API also supports app-restricted API keys. https://developer.android.com/training/safetynet/attestation

like image 581
Mickey Tin Avatar asked Apr 26 '18 08:04

Mickey Tin


1 Answers

I've contacted a friend of mine at Google, and he reached out to their team. This is currently not supported - there's no way to get this API restricted with the SHA1 fingerprint. It's on their internal roadmap to accommodate this, but for now it won't work.

If you go to their quota request page you can see that they specifically say not to use any form of API key restrictions.

like image 113
Carl Anderson Avatar answered Oct 25 '22 08:10

Carl Anderson