Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/RikkaW/YASNAC
Yet Another SafetyNet Attestation Checker
https://github.com/RikkaW/YASNAC
Last synced: 4 days ago
JSON representation
Yet Another SafetyNet Attestation Checker
- Host: GitHub
- URL: https://github.com/RikkaW/YASNAC
- Owner: RikkaW
- License: mit
- Archived: true
- Created: 2021-09-23T15:04:11.000Z (about 3 years ago)
- Default Branch: master
- Last Pushed: 2024-01-30T13:53:47.000Z (10 months ago)
- Last Synced: 2024-08-02T01:20:19.173Z (3 months ago)
- Language: Kotlin
- Size: 322 KB
- Stars: 603
- Watchers: 13
- Forks: 35
- Open Issues: 4
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# YASNAC
YASNAC (short for **Y**et **A**nother **S**afety**N**et **A**ttestation **C**hecker) is an Android app that demonstrates SafetyNet Attestation API.
YASNAC is written with [Jetpack Compose](https://developer.android.com/jetpack/compose).
## Introduction
SafetyNet is developed by Google, it provides a set of services and APIs.
SafetyNet Attestation API provides a cryptographically-signed attestation, assessing the device's integrity. The app developer can use SafetyNet Attestation API to check if the device is an emulator, bootloader unlocked, system integrity compromised (root for example), etc. Read [the document from Google](https://developer.android.com/training/safetynet/attestation) for more.This app uses SafetyNet Attestation API and displays the result.
In the production environment, the response of the SafetyNet Attestation API should be transfer to a remote server for verification. As a simple demonstration project, it is impractical to provide a server, so the verification step runs locally.
## Download
- [Google Play](https://play.google.com/store/apps/details?id=rikka.safetynetchecker)
- [GitHub release](https://github.com/RikkaW/YASNAC/releases/latest)
Some users report that attestations always fail for "The version of the Google Play services installed on this device is not authentic". This could be solved by installing the app from Google Play. See [#24](https://github.com/RikkaW/YASNAC/issues/24) [#22](https://github.com/RikkaW/YASNAC/issues/22).
Release apk uses our API key, which has a quota of 10,000 times per day. The quota is shared across all users. If the quota is exhausted, you will see an error.
## Build
1. Obtain as many API keys as desired by [following the guide from Google](https://developer.android.com/training/safetynet/attestation#obtain-api-key)
2. Write the key(s) to `local.properties` in the form of `apiKey=api_key_1\",\"api_key_2`...
3. Build with Android Studio or command line `gradlew :app:aR`## Something else
Android's [Key Attestation API](https://developer.android.com/training/articles/security-key-attestation) is used by SafetyNet to check if the device is unlocked.
[Key Attestation (vvb2060/KeyAttestation)](https://github.com/vvb2060/KeyAttestation) is another demonstrate app for the Key Attestation API.