CODEWITHSUNDEEP
androidsafetynet
megamind79
megamind79

Reputation: 89

Verifying Android device using device verification api

I was looking at this for verifying the authenticity of an android device as show here. Now there're 2 ways to do this. One is offline verify and the other online verify. While online verify calls a google attestation check api, to which I also have to send in my API_KEY along with my attestation response.

Can someone suggest choose which way to verify my device - whether offline or online, to use in my server?

Upvotes: 0

Views: 3018

Answers (2)

Ajit m Kapadiya
Ajit m Kapadiya

Reputation: 1

Add the following dependencies to your pubspec.yaml file:

dependencies:
  google_sign_in: ^5.2.1
  googleapis: ^6.0.0
  flutter_secure_storage: ^4.2.1

Upvotes: 0

Jayrassic
Jayrassic

Reputation: 137

According to the documentation, online verification should only be used in the early development stage. Relevant passage:

During initial testing and development (but not in production), you can call an online API for verifying the signature of the JWS statement. This process has also been shown in the android-play-safetynet sample API usage made available on GitHub. Note that online verification API is solely for early-stage testing, and you have a fixed quota of 10,000 requests per day.

Instead one should use offline verification, based off of the template you found, as the JWS can be verified without the need of Google.

Upvotes: 1

Related Questions