package mobile.antispam.safetynet.v1

Get desktop application:
View/edit binary Protocol Buffers messages

SafetyNet is an Android OS feature that can be used to verify the authenticity of devices and applications on the platform. From the Android clients' perspective, the service works as follows: - bind - if authenticated, check if this deviceID/username pair has been previously verified (via storage) - if already verified, no action required - if not already verified, action required - if anonymous, action required - if action required: - request nonce from Kik SafetyNet service - make attestation request with nonce to Google - verify JWS result with Kik SafetyNet service - if authenticated and result is OK, mark this deviceID/username pair as verified in storage

rpc GetNonce (common.VoidRequest, GetNonceResponse)
safetynet_service.proto:31
Get a nonce to be signed using SafetyNet that can later be verified on the Kik SafetyNet verification service backend.
message GetNonceResponse
safetynet_service.proto:47
- GetNonceResponse.Result result = 1
- string nonce = 2
  A nonce that must be signed via the attestation API in order to validate with the Kik SafetyNet verification service backend.
rpc VerifyAttestationResult (VerifyAttestationResultRequest, VerifyAttestationResultResponse)
safetynet_service.proto:40
Given the JWS payload from the Google SafetyNet API call, verify the request using the provided certificate chain on the Kik SafetyNet verification backend. Clients are provided very little information in the response. As long as the nonce is valid (matches last nonce requested by client, not expired) and the request is well-formed (valid JWS, expected fields present in payload), the client will receive an OK response. Clients are *not* informed of whether or not the actual signature was valid, or if the client "verified" successfully with the backend.
message VerifyAttestationResultRequest
safetynet_service.proto:61
- string jws = 1
  The full JWS result from the Google SafetyNet attestation API.
message VerifyAttestationResultResponse
safetynet_service.proto:70
- VerifyAttestationResultResponse.Result result = 1

Used in: GetNonceResponse

OK = 0

Used in: VerifyAttestationResultResponse

OK = 0
The request was syntactically well-formed with a valid nonce. The client need not retry.
INVALID_NONCE = 1
The nonce provided either expired, or did not match the last nonce provided to the client.
MALFORMED_REQUEST = 2
The request was syntactically malformed (invalid JWS).

package mobile.antispam.safetynet.v1

service SafetyNet

rpc GetNonce (common.VoidRequest, GetNonceResponse)

message GetNonceResponse

GetNonceResponse.Result result = 1

string nonce = 2

rpc VerifyAttestationResult (VerifyAttestationResultRequest, VerifyAttestationResultResponse)

message VerifyAttestationResultRequest

string jws = 1

message VerifyAttestationResultResponse

VerifyAttestationResultResponse.Result result = 1

enum GetNonceResponse.Result

OK = 0

enum VerifyAttestationResultResponse.Result

OK = 0

INVALID_NONCE = 1

MALFORMED_REQUEST = 2