The SafetyNet Attestation API helps you assess the security and compatibility of the Android environments in which your apps run. You can use this API to analyze devices that have installed your app.'
Please check the documentation here.
The plugin won't work iOS, because SafetyNet is only available for Android devices.
- Open the Google APIs console and enable Android Device Verification API
- Create your API key
- In your Android project, please add the SafetyNet API key in your
AndroidManifest.xml
:
<meta-data android:name="safetynet_api_key"
android:value="yourapikey"/>
The SafetyNet API is requiring a working version of the Google Play Services. A method is available to check if they are available on the device:
FlutterSafetynetAttestation.googlePlayServicesAvailability();
Then you have to pass a nonce (in a String or a byte array) to the following method:
FlutterSafetynetAttestation.safetyNetAttestationJwt('<your-nonce>');
It will then return a JWT string. Google recommends to check this JWT on your server. Please read the official documentation for more details.
If you want to get directly the payload from the JWT string, you can call instead:
FlutterSafetynetAttestation.safetyNetAttestationPayload('<your-nonce>');
You will then receive a JWSPayload object with this kind of content:
{
"nonce": "R2Rra24fVm5xa2Mg",
"timestampMs": 9860437986543,
"apkPackageName": "com.package.name.of.requesting.app",
"apkCertificateDigestSha256": ["base64 encoded, SHA-256 hash of the
certificate used to sign requesting app"],
"apkDigestSha256": ["base64 encoded, SHA-256 hash of
the APK installed on a user's device"],
"ctsProfileMatch": true,
"basicIntegrity": true,
}