Android SafetyNet API fails when using API key restriction

Question

When setting restriction to an API key the Attestation API stops working: OnFailureListener gets fired with the CANCELLED(16) status code

The restrictions are the android package name and the certificate signature(SHA-1)

Does the SafetyNet Attestation API support restricted API keys ?

Note: the same API key with the additional restriction works fine with Google Maps API

UPDATE: On devices running Google Play Services v13.0 and above, the SafetyNet Attestation API also supports app-restricted API keys. https://developer.android.com/training/safetynet/attestation

Answer 1

I've contacted a friend of mine at Google, and he reached out to their team. This is currently not supported - there's no way to get this API restricted with the SHA1 fingerprint. It's on their internal roadmap to accommodate this, but for now it won't work.

If you go to their quota request page you can see that they specifically say not to use any form of API key restrictions.