We built an Android SDK that uses native FIDO2 API
. This API provides WebAuthn client implementation that can be used as a platform authenticator.
When creating an attestation object using FIDO2 API
, the attestation format is "safety-net" and I see "Android Authenticator with SafetyNet Attestation" is already FIDO_CERTIFIED_L1. In this case, How do we apply for the Authenticator Certification for the Android SDK that we built (AAGUID and Root Certificate are all going to be the same in the Metadata Statement)?
In general, Can someone help me understand how/when a Mobile App/SDK can be FIDO2 Authenticator certified?