During BlackHat EU 2017, myself and Collin Mulliner presented on Android SafetyNet Attestation. The presentation covered what SafetyNet is, why would Android developers use attestation, some of the checks it does and certain weaknesses it currently has. I have blogged on this topic several times. So, here are the slides. Let me know if you have any questions, would be happy to answer.| Yiannis Kozyrakis ~ blog
This post is part of a series: Inside SafetyNet part 1 (Oct 2015) Inside SafetyNet part 2 (Feb 2016) Inside SafetyNet part 3 (Nov 2016) How to implement Attestation securely using server-side checks (my blog, Cigital blog) SafetyNet Playground (POC server-side implementation) Play Store - Android source - PHP source It’s been more than 8 months since my last blog post on Android’s SafetyNet. In that post I was describing an end-of-2015 version of the system (version code 2495818).| Yiannis Kozyrakis ~ blog
This post is part of a series: Inside SafetyNet part 1 (Oct 2015) Inside SafetyNet part 2 (Feb 2016) Inside SafetyNet part 3 (Nov 2016) How to implement Attestation securely using server-side checks (my blog, Cigital blog) SafetyNet Playground (POC server-side implementation) Play Store - Android source - PHP source What is SafetyNet The Android Pay application got released a few days ago. Some people using rooted devices discovered that it refused to work.| Yiannis Kozyrakis ~ blog