Hi,
We have started rolling out a new feature that will provide developers with insight into the types of signals/measurements that have contributed to each individual SafetyNet Attestation API response.
Our JWS responses now have a new optional field named evaluationType.
The value of this field will be a list of comma-separated string tokens, where each token represents an enum-like value.
Currently, the following string tokens may be indicated::
- BASIC - When we use typical signals and measurements along with reference data during our evaluation.
- HARDWARE_BACKED - When we use the available hardware-backed security features of the remote device (e.g.
hardware-backed key attestation) to influence our evaluation.
Examples of field values that you may expect:
- {“evaluationType”: “BASIC”}
- {“evaluationType”: “BASIC,HARDWARE_BACKED”}
We’re currently evaluating and adjusting the eligibility criteria for devices where we will rely on hardware-backed security features. So please do not use the presence or value of this field as a signal by itself (for now).
Note that this feature has not been officially documented yet. Presently, we’re only communicating it to this announcement-list to collect feedback.
We encourage you to use our
feedback form based on your experience with this new feature as well as the overall service.
Thanks & Regards,
SafetyNet API Clients team