Play integrity is now the recommended android attestation. We have added Play Integrity to the new SDK. It does not require any coding. Or publishing the application again. Just enable Play Integrity from the play console and let us know in support@vdocipher.com or from the support section of your dashboard.
This page contains info on setting up SafetyNet which is no longer recommended. Please get in touch with us through Support to use Play integrity.
SafetyNet Integration with VdoCipher react-native SDK
Overview
VdoCipher react-native sdk integrates Google's SafetyNet protection for android devices on versions 1.7.3 and above. This provides additional protection for your videos against following concerns:
- SafetyNet is essentially a protection on app side and can be optionally implemented by you independent of VdoCipher on app side if you follow the Google Android docs here. Though, we have integrated it in our SDK as explained below and tried to make it easier for you to integrate along with our SDK
- Emulator protection - With Safetynet integration enabled, playback on emulators will be blocked by default.
- Rooted phone protection - It is also included in Safetynet as this checks device integrity, but Google does not 100% assure that all rooted phones will be surely blocked. But there is no other higher protection available than Safetynet for Rooted devices, thus this is the best security against rooted phone
- App duplication - In addition to the above, SafetyNet can also ensure playback is only allowed on apps published by you, and not on any modified apks, etc. Additional steps mentioned further in below document will add app certification checks to the default SafetyNet checks before playback. This will largely prevent any duplicate app cases
Integration steps
Detailed Steps and sample code for SafetyNet integration via VdoCipher SDK
Kindly go through the linked document above before integrating SafetyNet into your app.
Step 1 (Creating API key from Google account), and Step 2 (OTP creation on backend) will remain the same.
For Step 3 (app side changes), follow these instructions specific to react-native app:
You'll need to set the SafetyNet API Key obtained in Step 1 in your embedInfo:
const embedInfo = {
otp: 'your-otp',
playbackInfo: 'your-playbackInfo',
safetyNetApiKey: 'your-key',
};
Kindly follow the instructions in the document linked above to test locally, and use appropriate debug/release certificates' sha256 digest for creating the OTP.