10

Note I posted the issue/question to google sample github repo, https://github.com/googlesamples/android-play-safetynet/issues/12. However, I don't get any response yet.

library version used: com.google.android.gms:play-services-safetynet:11.4.2

I am using safety net captcha API. everything working as expected meaning, both are detected: - on success (when test with real device and no harms detected) - one failure listener (when test with Android emulator and verified the steps)

However, Here steps produce issue where on success and on failure are not detected: - Run app in Android emulator - Hit the SafetyNet verify with captcha - As android emulator mark as possible harm, it will shows image for the verification - Click on listen icon to listen the word - Click on the screen outside the dialog area, the verification dialog will close

Expected: addOnFailureListener should be triggered because user didn't response to the verification steps when detected as robot

Actual: both OnSuccessListener and addOnFailureListener are not detected

Sample code

SafetyNet.getClient(this).verifyWithRecaptcha(YOUR_API_SITE_KEY)
            .addOnSuccessListener((Executor) this,
            new OnSuccessListener<SafetyNetApi.RecaptchaTokenResponse>() {
                @Override
                public void onSuccess(SafetyNetApi.RecaptchaTokenResponse response) {
                    // Indicates communication with reCAPTCHA service was
                    // successful.
                    String userResponseToken = response.getTokenResult();
                    if (!userResponseToken.isEmpty()) {
                        // Validate the user response token using the
                        // reCAPTCHA siteverify API.
                    }
                }
        })
        .addOnFailureListener((Executor) this, new OnFailureListener() {
                @Override
                public void onFailure(@NonNull Exception e) {
                    if (e instanceof ApiException) {
                        // An error occurred when communicating with the
                        // reCAPTCHA service. Refer to the status code to
                        // handle the error appropriately.
                        ApiException apiException = (ApiException) e;
                        int statusCode = apiException.getStatusCode();
                        Log.d(TAG, "Error: " + CommonStatusCodes
                                .getStatusCodeString(statusCode));
                    } else {
                        // A different, unknown type of error occurred.
                        Log.d(TAG, "Error: " + e.getMessage());
                    }
                }
        });

Questions:

  • Is it expected design in which if user dismiss the verification dialog then SafetyNet doesn't notify the listener?
  • Are there any other listener for SafetyNet to handle the scenario above of the issue? or other solutions to handling this scenario from SafetyNet SDK?

Thanks

sayvortana
  • 825
  • 2
  • 16
  • 32

1 Answers1

0

Github issue solution is to handle action onResume()

When safety net captcha is Cancelled: In my case requirement were to end animation on button when safety net captcha was dismissed. So user would be able to click on it once again.

When safety net captcha fails: They suggested to close all dialog onResume()

In Kotlin answer for that should be:

supportFragmentManager.fragments.takeIf { it.isNotEmpty() }?.map { (it as? DialogFragment)?.dismiss() }

For java you can find answer here: Android - How to Dismiss All Dialogs in onPause

Andrey Kijonok
  • 291
  • 2
  • 17