Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/RikkaW/YASNAC

Yet Another SafetyNet Attestation Checker
https://github.com/RikkaW/YASNAC

Last synced: about 2 months ago
JSON representation

Yet Another SafetyNet Attestation Checker

Host: GitHub
URL: https://github.com/RikkaW/YASNAC
Owner: RikkaW
License: mit
Archived: true
Created: 2021-09-23T15:04:11.000Z (about 3 years ago)
Default Branch: master
Last Pushed: 2024-01-30T13:53:47.000Z (8 months ago)
Last Synced: 2024-06-15T14:34:07.770Z (3 months ago)
Language: Kotlin
Size: 322 KB
Stars: 589
Watchers: 13
Forks: 35
Open Issues: 4
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# YASNAC

YASNAC (short for **Y**et **A**nother **S**afety**N**et **A**ttestation **C**hecker) is an Android app that demonstrates SafetyNet Attestation API.

YASNAC is written with [Jetpack Compose](https://developer.android.com/jetpack/compose).

## Introduction

SafetyNet is developed by Google, it provides a set of services and APIs.
SafetyNet Attestation API provides a cryptographically-signed attestation, assessing the device's integrity. The app developer can use SafetyNet Attestation API to check if the device is an emulator, bootloader unlocked, system integrity compromised (root for example), etc. Read [the document from Google](https://developer.android.com/training/safetynet/attestation) for more.

This app uses SafetyNet Attestation API and displays the result.

In the production environment, the response of the SafetyNet Attestation API should be transfer to a remote server for verification. As a simple demonstration project, it is impractical to provide a server, so the verification step runs locally.

## Download

- [Google Play](https://play.google.com/store/apps/details?id=rikka.safetynetchecker)

- [GitHub release](https://github.com/RikkaW/YASNAC/releases/latest)

Some users report that attestations always fail for "The version of the Google Play services installed on this device is not authentic". This could be solved by installing the app from Google Play. See [#24](https://github.com/RikkaW/YASNAC/issues/24) [#22](https://github.com/RikkaW/YASNAC/issues/22).

Release apk uses our API key, which has a quota of 10,000 times per day. The quota is shared across all users. If the quota is exhausted, you will see an error.

## Build

1. Obtain as many API keys as desired by [following the guide from Google](https://developer.android.com/training/safetynet/attestation#obtain-api-key)
2. Write the key(s) to `local.properties` in the form of `apiKey=api_key_1\",\"api_key_2`...
3. Build with Android Studio or command line `gradlew :app:aR`

## Something else

Android's [Key Attestation API](https://developer.android.com/training/articles/security-key-attestation) is used by SafetyNet to check if the device is unlocked.

[Key Attestation (vvb2060/KeyAttestation)](https://github.com/vvb2060/KeyAttestation) is another demonstrate app for the Key Attestation API.