Configuring attestation for Android devices and BlackBerry Dynamics apps Skip Navigation

Configuring attestation for
Android
devices and
BlackBerry Dynamics
apps

You can use
SafetyNet
or
Google Play Integrity
attestation to have
BlackBerry UEM
send challenges to test the authenticity and integrity of
Android
devices and
BlackBerry Dynamics
apps.
SafetyNet
and
Play Integrity
help you assess the security and compatibility of the environments in which your organization's apps run. You can use
SafetyNet
or
Play Integrity
attestation in addition to
BlackBerry
’s existing root and exploitation detection. You can configure and assign a
UEM
compliance profile to carry out appropriate compliance actions when devices or apps fail attestation.
UEM
uses the
Play Integrity
API with
UEM Client
versions that support it to provide additional protection from application tampering.
Play Integrity
will replace
SafetyNet
based on the migration schedule that is determined by
Google
.
SafetyNet
will continue to be supported for older versions of the
UEM Client
. For more information about migrating from
SafetyNet
, see Google Play: Migrating from the SafetyNet Attestation API.
UEM
performs
SafetyNet
or
Play Integrity
attestation in the following circumstances:
  • After device activation when the
    BlackBerry UEM Client
    is installed.
  • During and after the activation of
    BlackBerry Dynamics
    apps. Note that
    UEM
    does not trust old versions of apps. To pass attestation challenges, devices must have the latest available version of
    BlackBerry Dynamics
    apps.
  • On demand using REST APIs.
  • If the
    UEM Client
    is activated, when a device is restarted.
  • Periodic attestation challenges using the challenge frequency that you specify.
The
UEM Client
is not required for you to enable
SafetyNet
or
Play Integrity
attestation. The
UEM Client
does not appear in the list of
BlackBerry Dynamics
apps that you can configure for
SafetyNet
or
Play Integrity
attestation, but it does receive and respond to attestation challenges from
UEM
.
If a user's device is out of coverage, turned off, or has a dead battery, it cannot respond to attestation challenges. In these circumstances,
UEM
will consider the device to be out of compliance and will carry out the actions you've configured in the assigned compliance profile.