1

I call: mSafetyNetClient.attest(nonce, apiKey)

and I send in my nonce and API Key. Basically it seems to only work when I have the API Key unrestricted. If I restrict it to only android apps, it stops working.

Why is that and how do I get it to work with android apps restriction?

Thanks for reading.

RichyDavisWindow3
  • 313
  • 3
  • 13
  • AFAIK, this should work even if it is restricted to android app. As per [documentation](https://developer.android.com/training/safetynet/attestation#add-api-key) there is no indication that it will not work if the API key is set to Android specific access. You may want to create another API key following this [documentation](https://developers.google.com/maps/documentation/android-sdk/signup) to verify what is wrong. Also you may want to check the log for any suspicious behavior. Hope this helps. – Mr.Rebot May 09 '18 at 16:18
  • @Mr.Rebot weird it's working for maps when I restrict to an app built in debug mode. Should being in debug mode or release mode affect the safetnet api? – RichyDavisWindow3 May 09 '18 at 21:36

1 Answers1

1

Here's the answer that I found on a similarly asked question. Enjoy! :)

I've contacted a friend of mine at Google, and he reached out to their team. This is currently not supported - there's no way to get this API restricted with the SHA1 fingerprint. It's on their internal roadmap to accommodate this, but for now it won't work.

If you go to their quota request page you can see that they specifically say not to use any form of API key restrictions.

SOURCE: https://stackoverflow.com/a/50360510/8091409

RichyDavisWindow3
  • 313
  • 3
  • 13