Starting in March 2018, Google Play will be adding a small amount of metadata to all apps, as discussed in this
blog post. If you’re using the
SafetyNet Attestation API for validation, there is a possibility that your app could stop working for some users. Please read our recommended course of action below.
What’s changingThe
apkDigestSha256 value in the SafetyNet Attestation API response will be different from the original hash value of the APK that you previously uploaded to Google Play. This value will now be a hash of the APK that includes the new metadata.
Action recommendedIf you are using the
apkDigestSha256 field for validation, we recommend that you change your logic to use the
apkCertificateDigestSha256 and
apkPackageName instead. The certificate digest will become the most reliable way to verify your app’s APK based on the signing key. If you continue to use
apkDigestSha256, your app might stop working for some users.
If you are unable to implement the above changes before March 2018 please complete this form.Regards,
SafetyNet API Clients Team