{"guid":"c35e099a-f620-41ea-8e99-16cade147196","title":"Inside Android’s SafetyNet Attestation: Attack and Defense","subtitle":null,"slug":"34c3-8725-inside_android_s_safetynet_attestation_attack_and_defense","link":"https://fahrplan.events.ccc.de/congress/2017/Fahrplan/events/8725.html","description":"SafetyNet Attestation is the primary platform security service on Android. Until recently you had to use third-party tools or implement your own app integrity checks and device rooting checks. Today you can use Android's SafetyNet Attestation infrastructure to ensure the integrity of your application and the user's device. Unfortunately, SafetyNet Attestation is not well documented by Google. This talk is split into three parts. Part one provides a deep dive into SafetyNet Attestation and how it works. Part two is a guide on how to implement and use it for real-world applications. This is based on the lessons learned from implementing SafetyNet Attestation for an app with a large install base. The talk will provide you with everything you need to know about Android’s SafetyNet Attestation and will help you to implement and use it in your app. Part three presents attacks and bypasses against SafetyNet Attestation. The attack method targets not only SafetyNet but also other similar approaches. 
New tools and techniques will be released at this talk.","original_language":"eng","persons":["Collin Mulliner"],"view_count":1297,"promoted":false,"date":"2017-12-28T00:00:00.000+01:00","release_date":"2017-12-28T01:00:00.000+01:00","updated_at":"2025-12-15T02:30:02.666+01:00","tags":["34c3","8725","Security"],"length":3550,"duration":3550,"thumb_url":"https://static.media.ccc.de/media/congress/2017/8725-hd.jpg","poster_url":"https://static.media.ccc.de/media/congress/2017/8725-hd_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2017/c35e099a-f620-41ea-8e99-16cade147196-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2017/c35e099a-f620-41ea-8e99-16cade147196-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/34c3-8725-inside_android_s_safetynet_attestation_attack_and_defense","url":"https://api.media.ccc.de/public/events/c35e099a-f620-41ea-8e99-16cade147196","conference_title":"34C3: TUWAT","conference_url":"https://api.media.ccc.de/public/conferences/34c3","related":[{"event_id":4766,"event_guid":"19b7e5d7-bba7-46da-afbc-f16d43fe395f","weight":32},{"event_id":4779,"event_guid":"544e7736-6b59-4c05-87a7-c013ef993688","weight":3},{"event_id":4782,"event_guid":"de1b5916-8052-4a25-bded-25d96a43aff7","weight":3},{"event_id":4784,"event_guid":"65a25dfd-56dd-4e87-a910-334e2dc25a9c","weight":42},{"event_id":4785,"event_guid":"4c4af291-e9ed-4dc9-8b2e-9062db9924fa","weight":3},{"event_id":4794,"event_guid":"a2887b4a-0c9d-4220-a52f-c65c20ae25d7","weight":36},{"event_id":4797,"event_guid":"c7b3314c-165c-446d-963c-609922ea990f","weight":25},{"event_id":4810,"event_guid":"c1acc5c2-58b2-4ed5-a504-351b8b93c171","weight":38},{"event_id":4823,"event_guid":"bf924a39-2860-4e27-8741-b8fa0c010363","weight":23},{"event_id":4826,"event_guid":"16645200-2036-4a3c-a44d-a5ff44ac2991","weight":50},{"event_id":4828,"event_guid":"4cb7be14-bfbd-42a2-a556-9ef8e8bd6ba7","weight":25},{"event_id":4832,"event_guid":"275f85de-d612-4440-8755-85dee59
12f12","weight":41},{"event_id":4833,"event_guid":"e1a60f7b-6a56-4dce-ab3a-c686fa940aa8","weight":44},{"event_id":4837,"event_guid":"664f6c37-2fab-4191-a5d6-042aba7518c3","weight":25},{"event_id":4840,"event_guid":"21127aeb-fe1f-4506-a3f0-d747e20419a5","weight":25},{"event_id":4842,"event_guid":"581ccbad-4bbf-47a2-8845-f52278d61061","weight":42},{"event_id":4855,"event_guid":"51b586be-500c-436e-b70c-fc433e65c4be","weight":25},{"event_id":4866,"event_guid":"117a52b4-f675-49dd-aafe-659c07b6bc9c","weight":29},{"event_id":4898,"event_guid":"8c303809-3c7c-4532-ab1e-c9a4e7c38245","weight":27}],"recordings":[{"size":null,"length":null,"mime_type":"application/x-subrip","language":"eng","filename":"DRAFT_34c3-8725-eng-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense.en_DRAFT.srt","state":"todo","folder":"","high_quality":true,"width":null,"height":null,"updated_at":"2022-01-15T16:12:19.978+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/DRAFT_34c3-8725-eng-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense.en_DRAFT.srt","url":"https://api.media.ccc.de/public/recordings/57283","event_url":"https://api.media.ccc.de/public/events/c35e099a-f620-41ea-8e99-16cade147196","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":250,"length":3550,"mime_type":"video/mp4","language":"eng","filename":"34c3-8725-eng-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T22:18:04.137+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-hd/34c3-8725-eng-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense.mp4","url":"https://api.media.ccc.de/public/recordings/21269","event_url":"https://api.media.ccc.de/public/events/c35e099a-f620-41ea-8e99-16cade147196","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":249,"length":3550,"mime_type":"video/mp4","language":"deu","filename":"34c3
-8725-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T22:18:18.927+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-hd/34c3-8725-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense.mp4","url":"https://api.media.ccc.de/public/recordings/21270","event_url":"https://api.media.ccc.de/public/events/c35e099a-f620-41ea-8e99-16cade147196","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":456,"length":3550,"mime_type":"video/mp4","language":"eng-deu","filename":"34c3-8725-eng-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense_hd.mp4","state":"new","folder":"h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T22:18:32.248+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-hd/34c3-8725-eng-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense_hd.mp4","url":"https://api.media.ccc.de/public/recordings/21271","event_url":"https://api.media.ccc.de/public/events/c35e099a-f620-41ea-8e99-16cade147196","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":266,"length":3550,"mime_type":"video/mp4","language":"eng-deu","filename":"34c3-8725-eng-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense_hd-slides.mp4","state":"new","folder":"slides-h264-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-28T22:45:47.124+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/slides-h264-hd/34c3-8725-eng-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense_hd-slides.mp4","url":"https://api.media.ccc.de/public/recordings/21289","event_url":"https://api.media.ccc.de/public/events/c35e099a-f620-41ea-8e99-16cade147196","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":39,"length":3535,"mime_type":"audio/opus","language":"eng","filename":"34c3-8725-eng-Inside_Androids_Sa
fetyNet_Attestation_Attack_and_Defense.opus","state":"new","folder":"opus","high_quality":false,"width":0,"height":0,"updated_at":"2017-12-28T23:57:38.936+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/opus/34c3-8725-eng-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense.opus","url":"https://api.media.ccc.de/public/recordings/21328","event_url":"https://api.media.ccc.de/public/events/c35e099a-f620-41ea-8e99-16cade147196","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":188,"length":3550,"mime_type":"video/mp4","language":"eng-deu","filename":"34c3-8725-eng-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense_sd.mp4","state":"new","folder":"h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2017-12-28T23:59:42.045+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/h264-sd/34c3-8725-eng-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense_sd.mp4","url":"https://api.media.ccc.de/public/recordings/21331","event_url":"https://api.media.ccc.de/public/events/c35e099a-f620-41ea-8e99-16cade147196","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":53,"length":3535,"mime_type":"audio/mpeg","language":"eng","filename":"34c3-8725-eng-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense.mp3","state":"new","folder":"mp3","high_quality":false,"width":0,"height":0,"updated_at":"2017-12-29T00:00:39.692+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/mp3/34c3-8725-eng-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense.mp3","url":"https://api.media.ccc.de/public/recordings/21333","event_url":"https://api.media.ccc.de/public/events/c35e099a-f620-41ea-8e99-16cade147196","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":483,"length":3550,"mime_type":"video/webm","language":"eng-deu","filename":"34c3-8725-eng-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense_webm-sd.webm","state":"new","folder":"webm-sd","h
igh_quality":false,"width":720,"height":576,"updated_at":"2017-12-29T01:37:31.267+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/webm-sd/34c3-8725-eng-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense_webm-sd.webm","url":"https://api.media.ccc.de/public/recordings/21378","event_url":"https://api.media.ccc.de/public/events/c35e099a-f620-41ea-8e99-16cade147196","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":654,"length":3550,"mime_type":"video/webm","language":"eng-deu","filename":"34c3-8725-eng-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense_webm-hd.webm","state":"new","folder":"webm-hd","high_quality":true,"width":1920,"height":1080,"updated_at":"2017-12-29T11:11:43.645+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/webm-hd/34c3-8725-eng-deu-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense_webm-hd.webm","url":"https://api.media.ccc.de/public/recordings/21456","event_url":"https://api.media.ccc.de/public/events/c35e099a-f620-41ea-8e99-16cade147196","conference_url":"https://api.media.ccc.de/public/conferences/34c3"},{"size":79,"length":3550,"mime_type":"video/mp4","language":"eng","filename":"34c3-8725-eng-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense_sd-slides.mp4","state":"new","folder":"slides-h264-sd","high_quality":false,"width":720,"height":576,"updated_at":"2018-01-02T15:47:27.132+01:00","recording_url":"https://cdn.media.ccc.de/congress/2017/slides-h264-sd/34c3-8725-eng-Inside_Androids_SafetyNet_Attestation_Attack_and_Defense_sd-slides.mp4","url":"https://api.media.ccc.de/public/recordings/22311","event_url":"https://api.media.ccc.de/public/events/c35e099a-f620-41ea-8e99-16cade147196","conference_url":"https://api.media.ccc.de/public/conferences/34c3"}]}