Configuring attestation for Android devices and BlackBerry Dynamics apps

You can use Google Play Integrity attestation to have BlackBerry UEM send challenges to test the authenticity and integrity of Android devices and BlackBerry Dynamics apps. Play Integrity attestation helps you assess the security and compatibility of the environments where your organization's apps run. You can use Play Integrity attestation in addition to BlackBerry’s existing root and exploitation detection. You can configure and assign a UEM compliance profile to carry out appropriate compliance actions when devices or apps fail attestation.

UEM uses the Play Integrity API with the UEM Client to provide additional protection from application tampering. Play Integrity replaces SafetyNet attestation. Google disabled SafetyNet attestation in January 2025, so it is no longer supported by UEM. If your organization still uses SafetyNet attestation, you should transition to Play Integrity attestation.

UEM performs Play Integrity attestation in the following circumstances:
- After device activation when the UEM Client is installed.
- During and after the activation of BlackBerry Dynamics apps. Note that UEM does not trust old versions of apps. To pass attestation challenges, devices must have the latest available version of BlackBerry Dynamics apps.
- On demand using REST APIs.
- If the UEM Client is activated, when a device is restarted.
- Periodic attestation challenges using the challenge frequency that you specify.

The UEM Client is not required for you to enable Play Integrity attestation. The UEM Client does not appear in the list of BlackBerry Dynamics apps that you can configure for Play Integrity attestation, but it does receive and respond to attestation challenges from UEM.

If a user's device is out of coverage, turned off, or has a dead battery, it cannot respond to attestation challenges. In these circumstances, UEM will consider the device to be out of compliance and will carry out the actions that you've configured in the assigned compliance profile.
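
As an added illustration (not BlackBerry's code and not a description of how UEM is implemented), the following Python example shows how a server can evaluate one attestation challenge against a decoded Play Integrity verdict, including the case above where the device never answers. The verdict field names follow Google's published Play Integrity payload; the package name, freshness window, function name and sample data are assumptions constructed for the example.

```python
import time

# Hypothetical policy values; not taken from BlackBerry UEM.
EXPECTED_PACKAGE = "com.example.dynamicsapp"   # placeholder package name
MAX_VERDICT_AGE_MS = 5 * 60 * 1000             # assumed freshness window

def evaluate_challenge(issued_nonce, verdict, now_ms=None):
    """Return (compliant, reason) for one attestation challenge.

    verdict is the decoded Play Integrity payload (a dict), or None when
    the device never answered the challenge.
    """
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    if verdict is None:
        # Device off, out of coverage, or dead battery: no answer fails.
        return False, "no response to challenge"

    req = verdict.get("requestDetails", {})
    if req.get("nonce") != issued_nonce:
        return False, "nonce mismatch"          # verdict is for another challenge
    if req.get("requestPackageName") != EXPECTED_PACKAGE:
        return False, "unexpected package"
    try:
        age = now_ms - int(req.get("timestampMillis", ""))
    except (TypeError, ValueError):
        return False, "missing timestamp"
    if not 0 <= age <= MAX_VERDICT_AGE_MS:
        return False, "stale verdict"

    app = verdict.get("appIntegrity", {})
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        # Modified or unknown builds are reported as not recognized.
        return False, "app not recognized by Google Play"

    labels = verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    if "MEETS_DEVICE_INTEGRITY" not in labels:
        return False, "device integrity not met"
    return True, "ok"

# Constructed sample verdict (not captured from a real device).
SAMPLE = {
    "requestDetails": {"requestPackageName": EXPECTED_PACKAGE,
                       "nonce": "bm9uY2UtMDAx",
                       "timestampMillis": "1700000000000"},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"]},
}
```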