SafetyNet Attestation API


Gaurav Sarin

Jul 28, 2017, 5:20:34 AM
to Aadhaar Registered Devices Discussion Group

Dear All,

Please refer to the link below for the SafetyNet Attestation API.

Link: https://developer.android.com/training/safetynet/attestation.html

PS: The default request quota for a SafetyNet Attestation API key is 10,000 requests per day. If you require additional capacity, send a request to the SafetyNet API quota team.

Best Regards,

Gaurav

Gaurav Sarin

Aug 18, 2017, 4:41:52 AM
to Aadhaar Registered Devices Discussion Group
Dear All,

Please find the attached document on Integrating SafetyNet API.

Best Regards,
Gaurav
Integrating SafetyNet with Aadhaar.docx

Kathiresan

Aug 24, 2017, 7:48:47 AM
to aadha...@googlegroups.com

Dear Gaurav,

One of our customers is using an MDM-enabled tab in which Google Play services is disabled. So the SafetyNet API library is not able to connect to the Google services.

Kindly suggest how we can implement the SafetyNet API in MDM-enabled devices.

Thanks and regards,

Kathiresan. A

--
You received this message because you are subscribed to the Google Groups "Aadhaar Registered Devices Discussion Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to aadhaar_rd+...@googlegroups.com.
To post to this group, send email to aadha...@googlegroups.com.
Visit this group at https://groups.google.com/group/aadhaar_rd.
To view this discussion on the web visit https://groups.google.com/d/msgid/aadhaar_rd/d36d31f2-6f80-4d0f-8411-e22e55360400%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


This communication may contain confidential information. If you are not the intended recipient it may be unlawful for you to read, copy, distribute, disclose or otherwise use the information contained within this communication. Errors and Omissions may occur in the contents of this Email arising out of or in connection with data transmission, network malfunction or failure, machine or software error, malfunction, or operator errors by the person who is sending the email. Precision Group accepts no responsibility for any such errors or omissions. The information, views and comments within this communication are those of the individual and not necessarily those of Precision Group. All email that is sent from/to Precision Group is scanned for the presence of computer viruses, security issues and inappropriate content. However, it is the recipient's responsibility to check any attachments for viruses before use.

Netaji Rao

Aug 24, 2017, 8:02:56 AM
to aadha...@googlegroups.com
According to Q&A-Vol-4, managed devices with MDM are allowed. SafetyNet API check is not required in these devices.

Gaurav,
Can you please confirm?

BTW, may we know what exactly the motive behind the SafetyNet requirement is?

Is SafetyNet not simply a tool from a third party (Google) to verify basic integrity check? Why are the other alternate integrity checks not allowed?

Instead of prescribing SafetyNet and relying on Google's implementation, why can't UIDAI provide a basic integrity check service (minus Google attestation) that every RD Service can connect to and get integrity status?


Thanks,
Netaji Rao D


Ramanathan Meipporul

Sep 7, 2017, 9:07:34 AM
to aadha...@googlegroups.com
Dear UIDAI Team,
PCI-PTS certified Android PoS devices do not have access to Google Play services. The SafetyNet check will not work in these devices. Since UIDAI is making the SafetyNet check mandatory for RDS to run in Android devices, this prohibits all PCI certified Android PoS devices from supporting RDS.

PCI-PTS certification is meant for doing customer transactions (PIN based) with maximum security. RDS is meant for secured biometric authentication (PID based). How to have both - secured PIN authentication and secured biometric authentication? This will never be possible. Let us know whether this is what UIDAI wants.

Regards,
Ramanathan M
CMPPL


Netaji Rao

Sep 8, 2017, 6:32:02 AM
to aadha...@googlegroups.com
Unfortunately, we never received any clarification on this subject.

There is a lot of confusion in the ecosystem because of this recommendation from UIDAI.

Not sure why a 3rd-party (Google) attestation is required for a host to run and protect a biometric device's RDService.

Why is there no such restriction on Linux-based host machines? Are they protected by any 3rd-party tool? Or is RDService itself taking care of its own security?

BTW, many of the Android tab manufacturers do not have an attestation license from Google, except for a few big brands.


Thanks,
Netaji Rao D

Raghu B

Sep 8, 2017, 6:34:20 AM
to aadha...@googlegroups.com
All, 

We should also contemplate the implications of this attestation in light of the recent ruling on privacy as a fundamental right. UID needs to clarify this urgently.

Thanks

Ramanathan Meipporul

Sep 8, 2017, 8:38:13 AM
to aadha...@googlegroups.com
Dear UIDAI team,
PCI-PTS certified PoS devices are tamper proof. Signed apps can only be installed in these devices. We suggest, and this perhaps could be the right approach, to consider PCI certified devices as the most secured platform for RDS.

SafetyNet is openly available to all Google certified devices. But the PCI view seems to be that having access to the SafetyNet check can compromise the security of a PCI device. So PCI restricts access to Google Play/SafetyNet.

Security of the host device platform is much higher when it is PCI-PTS certified than when it has the SafetyNet check. Request UIDAI to provide appropriate clarification on non-standard Android platforms, i.e. to differentiate PCI certified PoS from tablets/smartphones running on non-standard Android.

Regards,
Ramanathan M
CMPPL

Ramanathan Meipporul

Sep 12, 2017, 9:03:35 AM
to aadha...@googlegroups.com
Dear UIDAI Team,
Request clarity on this issue of non-standard Android vs. PCI-PTS certified PoS.

Banks are insisting on PCI-PTS certified devices for card (Rupay/VISA/Master/Amex) payments at merchant outlets. It is important to note that the RDS based Aadhaar Pay app also needs to run on the same device to expand support of all cashless payment modes. We cannot move away from PCI devices to RDS based Aadhaar Pay completely.

Awaiting UIDAI's response.

Ramanathan M
CMPPL

sachin

Oct 12, 2017, 7:38:43 AM
to Aadhaar Registered Devices Discussion Group
Dear UIDAI Team,

Kindly provide clarity on the following.
In the case of RDService on a managed OS: if the device provider has an MDM and application distribution control for the non-standard Android OS [or managed OS], will UIDAI accept the declaration from the device provider rather than from the AUA?
This consideration will help in avoiding the trouble of fetching the NOC from multiple AUAs running multiple applications for Aadhaar based operations.

Regards
Sachin