Inside Android's SafetyNet Attestation

Explore the inner workings of Android's SafetyNet Attestation in this comprehensive Black Hat conference talk. Delve into the primary security platform used by Google to maintain the integrity of the Android ecosystem. Learn about the SafetyNet Attestation service offered to Android application developers, providing insights into Google's assessment of operating system and device tampering. Discover attack patterns, OS modification methods, and the evolution of device integrity detection. Examine the SafetyNet modules, attestation process, and implementation challenges. Investigate the relationship between SafetyNet and Android versions, as well as potential vulnerabilities such as bootloader unlocking and client-side response validation. Gain knowledge about application integrity checks, code modification attacks, and their impact on Android security. This in-depth presentation by Collin Mulliner and John Kozyrakis offers valuable insights for developers, security professionals, and anyone interested in Android security mechanisms.

Intro
Attack patterns
OS modification methods
Device integrity detection the old Days
That's a low bar
Hardcoded checks
Attackers can easily disable detections
Attackers can easily feed checkers with bad data
Raising the bar
SafetyNet details
caveats
Criticism
SafetyNet JAR
SafetyNet modules
Example: device_state
SafetyNet Attestation: Overview
SafetyNet Attestation: Call Chain
SafetyNet Attestation: Request Attestation
SafetyNet Attestation Overview: Request Attestation
SafetyNet Attestation: Forward Data
SafetyNet Attestation: Attest Device & App
SafetyNet Attestation: Deliver Result
Ideal implementation
Attestation result validation
Check crypto!
cts Profile Match & basicIntegrity
SafetyNet and the Nonce
Handle errors!
Attestation: just an API Call away!?
API Failures...
Howto: App/APK Integrity
Implementation & Deployment Summary
SafetyNet vs. Android Versions
Android 4
Boot Loader Unlocked
Client-side response validation?
SuHide and Magisk
SafetyNet's Application Integrity Checks
Running Code on Android
ODEX Code Modification Attack: Overview (Generic)
Attacking ODEX files: all Android Versions
Attacking ODEX files without Root (Android 6)
ODEX file Attack via Dirtycow
Attack Impact
Fun time