Last fall, Android introduced the SafetyNet Attestation API to help organizations assess the security and capability of the Android environments their apps run on. This gives organizations greater confidence around the security and integrity of devices within their environment.

How does it work?

SafetyNet creates a profile of the device running the app and identifies whether the device passed Android-compatibility testing. It also helps to assess the device to determine whether it has been tampered or modified.

If the SafetyNet Attestation API check identifies that a device has been rooted or modified — a potential security threat — admins can send a trigger to not run an app on that device. This can protect users and company information from malware attempting to access sensitive information.

Android SafetyNet Attestion API can be enabled through the Citrix Endpoint Management console, shown below.

When this feature is enabled, Secure Hub sends the SafetyNet Attestation API request to Google Play services, and the result is reported back to Endpoint Management. Endpoint Management then updates device information with the attestation results.

From those results, administrators can automate the triggering of actions on the device. Depending on the administrators’ configuration, if the Attestation API check identifies that a device running Secure Hub is rooted or modified, then Secure Hub can be disabled on the device, preventing access and potential security threats.

Together, SafetyNet Attestation API and Endpoint Management help organizations detect devices in their environment that may be compromised and take actions on those devices, strengthening mobile device security within organizations.

Click here for more information on how to enable Android SafetyNet with your Endpoint Management deployment.