In May 2020, we shared a feature preview
of a new optional “evaluationType” field in the JWS response.
We are excited to announce that we have adjusted the “ctsProfileMatch” and “basicIntegrity” calculation logic to incorporate hardware-backed checks where applicable, leading to an improved resilience against advanced attacks. We also graduated the “evaluationType” field, which is now officially supported
and can be relied upon.
The changes to the “ctsProfileMatch” and “basicIntegrity” calculations should be transparent. No action is required, just enjoy the increased resilience.
Most users should continue to rely on “ctsProfileMatch” and “basicIntegrity”. For a small class of apps that already
require “ctsProfileMatch” and wish to enforce the highest levels of security, even at the cost of limiting their user base, the “evaluationType” field will assist with setting the required bar.
We have published official documentation
for the “evaluationType” field to describe its possible values. We strongly encourage you to read this documentation before using the field.
We encourage you to use our feedback form
based on your experience with this new feature as well as the overall service.
SafetyNet API Clients Team