Google provides an API to verify device integrity and detect harmful apps. See the SafetyNet documentation for more information.
$ npm install @bitwala/react-native-safetynet
or
$ yarn add @bitwala/react-native-safetynet
$ react-native link @bitwala/react-native-safetynet
- Open up
android/app/src/main/java/[...]/MainActivity.java
- Add
import com.bitwala.safetynet.RNSafetyNetPackage;
to the imports at the top of the file - Add
new RNSafetyNetPackage()
to the list returned by thegetPackages()
method
- Append the following lines to
android/settings.gradle
:include ':@bitwala/react-native-safetynet' project(':@bitwala/react-native-safetynet').projectDir = new File(rootProject.projectDir, '../node_modules/@bitwala/react-native-safetynet/android')
- Insert the following lines inside the dependencies block in
android/app/build.gradle
:implementation project(':@bitwala/react-native-safetynet')
import RNSafetyNetClient from '@bitwala/react-native-safetynet';
// STEP 1: Send nonce request to server with device unique id
const deviceId =
'You can use the "react-native-device-info" module to get the unique id of device';
const nonceResult = await RNSafetyNetClient.requestNonce({
endPointUrl: 'https://your-server/nonce-creator-endpoint',
additionalData: deviceId,
});
if (!nonceResult.nonce || nonceResult.error) {
console.log(nonceResult.error);
return;
}
// STEP 2: Send attestation request to Google Play
const attestationResult = await RNSafetyNetClient.sendAttestationRequest(
nonceResult.nonce,
'YOUR API KEY'
);
if (!attestationResult.jws || attestationResult.error) {
console.log('Attestation request failed.');
return;
}
// STEP 3: Pass the JSW to your server for verification.
const verification = await RNSafetyNetClient.verifyAttestationResult({
endPointUrl: 'https://your-server/verification-endpoint',
attestationJws: attestationResult.jws,
});