Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to open and check whether Play Protect is enabled or disabled

    minSdkVersion 18
    targetSdkVersion 27

Using below code, I can able to open the Google Settings page.

private static final String GOOGLE_SETTINGS_COMPONENT = "com.google.android.gms";
private static final String GOOGLE_SETTINGS_ACTIVITY = ".app.settings.GoogleSettingsActivity";
Intent i = new Intent();
i.setClassName(GOOGLE_SETTINGS_COMPONENT,GOOGLE_SETTINGS_COMPONENT + GOOGLE_SETTINGS_ACTIVITY);
try {
      startActivity(i);
} catch (android.content.ActivityNotFoundException ex) {
      Toast.makeText(getApplicationContext(), "Activity Not Found", Toast.LENGTH_LONG).show();
 }
  1. Is it possible to directly open the Google Settings --> Security --> Google Play Protect page.
  2. How to check whether the Scan device for security threats option is enabled or disabled?
like image 349
Gvtha Avatar asked Jan 04 '23 03:01

Gvtha


1 Answers

1) Is it possible to directly open the Google Settings --> Security --> Google Play Protect page ?

You can use the com.google.android.gms.security.settings.VerifyAppsSettingsActivity intent to launch play protect screen directly as below.

val intent = Intent()
intent.setComponent(ComponentName("com.google.android.gms", "com.google.android.gms.security.settings.VerifyAppsSettingsActivity"))
startActivity(intent)

Here is the meta data of playstore APK you can see all available activities out there.

2) How to check whether the Scan device for security threats option is enabled or disabled?

Developers can get similar security insights into the installed apps landscape on user devices from the SafetyNet Verify Apps API. This new suite of APIs lets developers determine whether a user's device is protected by Google Play Protect, encourage users not already using Google Play Protect to enable it, and identify any known potentially harmful apps (PHAs) that are installed on the device.

These APIs are especially useful for developers of apps that may be impacted by installed PHAs on the same device as their app. Determining that Google Play Protect is enabled with isVerifyAppsEnabled() gives developers additional assurance that a device is more likely to be clean. If a device doesn't have Google Play Protect enabled, developers can request that the user enable Google Play Protect with enableVerifyApps(). With Google Play Protect enabled, developers can use the listHarmfulApps() method to determine whether there are any potentially harmful apps installed on a user's device. This easy-to-use suite of features does not require API keys and requesting quota.

Compile com.google.android.gms:play-services-safetynet:11.6.0 and use the below code.

Determine whether app verification is enabled

SafetyNet.getClient(this)
    .isVerifyAppsEnabled()
    .addOnCompleteListener(new OnCompleteListener<VerifyAppsUserResponse>() {
        @Override
        public void onComplete(Task<VerifyAppsUserResponse> task) {
            if (task.isSuccessful()) {
                VerifyAppsUserResponse result = task.getResult();
                if (result.isVerifyAppsEnabled()) {
                    Log.d("MY_APP_TAG", "The Verify Apps feature is enabled.");
                } else {
                    Log.d("MY_APP_TAG", "The Verify Apps feature is disabled.");
                }
            } else {
                Log.e("MY_APP_TAG", "A general error occurred.");
            }
        }
    });

Request enabling of app verification

SafetyNet.getClient(this)
    .enableVerifyApps()
    .addOnCompleteListener(new OnCompleteListener<VerifyAppsUserResponse>() {
        @Override
        public void onComplete(Task<VerifyAppsUserResponse> task) {
            if (task.isSuccessful()) {
                VerifyAppsUserResponse result = task.getResult();
                if (result.isVerifyAppsEnabled()) {
                    Log.d("MY_APP_TAG", "The user gave consent " +
                          "to enable the Verify Apps feature.");
                } else {
                    Log.d("MY_APP_TAG", "The user didn't give consent " +
                          "to enable the Verify Apps feature.");
                }
            } else {
                Log.e("MY_APP_TAG", "A general error occurred.");
            }
        }
    });

For better protection, developers should use the attestation API along with the new Verify Apps API. Use the attestation API first to establish that the device has not been modified from a known state. Once the Android system can be trusted, the results from the Verify Apps API can be trusted.

P.S. Read through the Additional TOS prior using the API

like image 105
Anoop M Maddasseri Avatar answered Jan 17 '23 12:01

Anoop M Maddasseri