Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry UEM 12.21
  3. Managing device configurations
  4. Configuring attestation for devices
  5. Configuring attestation for Android devices and BlackBerry Dynamics apps

Configuring attestation for
Android
 devices and
BlackBerry Dynamics
 apps

You can use
Google Play Integrity
 attestation to have
BlackBerry UEM
 send challenges to test the authenticity and integrity of
Android
 devices and
BlackBerry Dynamics
 apps.
Play Integrity
 attestation helps you assess the security and compatibility of the environments where your organization's apps run. You can use
Play Integrity
 attestation in addition to
BlackBerry
’s existing root and exploitation detection. You can configure and assign a
UEM
 compliance profile to carry out appropriate compliance actions when devices or apps fail attestation.
UEM
 uses the
Play Integrity
 API with the
UEM Client
 provide additional protection from application tampering.
Play Integrity
 replaces
SafetyNet
 attestation.
Google
 disabled
SafetyNet
 attestation in Janurary 2025, so it is no longer supported by
UEM
. If your organization still uses
SafetyNet
 attestation, you should transition to
Play Integrity
 attestation.
UEM
 performs
Play Integrity
 attestation in the following circumstances:
  • After device activation when the
    UEM Client
     is installed.
  • During and after the activation of
    BlackBerry Dynamics
     apps. Note that
    UEM
     does not trust old versions of apps. To pass attestation challenges, devices must have the latest available version of
    BlackBerry Dynamics
     apps.
  • On demand using REST APIs.
  • If the
    UEM Client
     is activated, when a device is restarted.
  • Periodic attestation challenges using the challenge frequency that you specify.
The
UEM Client
 is not required for you to enable
Play Integrity
 attestation. The
UEM Client
 does not appear in the list of
BlackBerry Dynamics
 apps that you can configure for
Play Integrity
 attestation, but it does receive and respond to attestation challenges from
UEM
.
If a user's device is out of coverage, turned off, or has a dead battery, it cannot respond to attestation challenges. In these circumstances,
UEM
 will consider the device to be out of compliance and will carry out the actions that you've configured in the assigned compliance profile.