Software Integrity

 

Demystifying Android’s SafetyNet Attestation at Black Hat Europe 2017

Demystifying Android's SafetyNet Attestation at Black Hat Europe 2017

Many app developers have questions like “Is the device my app runs on reliable? Is it trustworthy? Could it be ‘rooted’?”

Answering questions such as these can be difficult.

In an area traditionally dominated by root detection products and DIY techniques, Google attempts to respond to this request: “OK Google, what do you think about the device I’m running in?”

SafetyNet is the primary security platform used by Google to maintain the Android ecosystem. SafetyNet Attestation is a service offered by the SafetyNet system to all Android application developers. They can use it to gain insight into what Google believes to be the state of the operating system and device.

Unfortunately, SafetyNet Attestation isn’t well documented by Google.

How does SafetyNet Attestation work?

You may be wondering how it works, what checks it conducts, whether it helps, and how you can implement it in your application without it being trivially bypassable. Taking a perspective useful to both developers and penetration testers, the upcoming presentation covers multiple aspects of the system.

Join John Kozyrakis and Collin Mulliner at Black Hat Europe 2017 to take a deep dive into Android’s SafetyNet Attestation.

The first part of the presentation will recap the basics of root detection and tamper detection on Android applications. We’ll then take a deeper look into the internals of the SafetyNet system and Attestation. Specifically, we’ll examine what checks it does and how it’s designed, detailing how it is different to traditional detection techniques. From there, we’ll discuss the different ways the system can be implemented in real world applications and how each method may achieve a different level of risk reduction. This is based on the lessons learned from implementing SafetyNet Attestation for several applications with large install bases. It also shows how an organization’s maturity can impact security checks.

Finally, we’ll present various attacks and bypass methods against SafetyNet Attestation. These target not only SafetyNet, but also other similar approaches.

Black Hat Europe 2017

Black Hat presents the latest in information security research, development, and trends. This four day conference brings together some of the brightest professionals and researchers in the industry.

Black Hat Europe 2017 will take place from December 4-7, 2017 in London, UK.

Register