Configuring attestation for Android devices and BlackBerry Dynamics apps

You can use SafetyNet or Google Play Integrity attestation to have BlackBerry UEM send challenges to test the authenticity and integrity of Android devices and BlackBerry Dynamics apps. SafetyNet and Play Integrity help you assess the security and compatibility of the environments in which your organization's apps run. You can use SafetyNet or Play Integrity attestation in addition to BlackBerry's existing root and exploitation detection. You can configure and assign a UEM compliance profile to carry out appropriate compliance actions when devices or apps fail attestation.

UEM uses the Play Integrity API with UEM Client versions that support it to provide additional protection from application tampering. Play Integrity will replace SafetyNet based on the migration schedule that is determined by Google. SafetyNet will continue to be supported for older versions of the UEM Client. For more information about migrating from SafetyNet, see Google Play: Migrating from the SafetyNet Attestation API.

UEM performs SafetyNet or Play Integrity attestation in the following circumstances:
- After device activation when the BlackBerry UEM Client is installed.
- During and after the activation of BlackBerry Dynamics apps. Note that UEM does not trust old versions of apps. To pass attestation challenges, devices must have the latest available version of BlackBerry Dynamics apps.
- On demand using REST APIs.
- If the UEM Client is activated, when a device is restarted.
- Periodic attestation challenges using the challenge frequency that you specify.

The UEM Client is not required for you to enable SafetyNet or Play Integrity attestation. The UEM Client does not appear in the list of BlackBerry Dynamics apps that you can configure for SafetyNet or Play Integrity attestation, but it does receive and respond to attestation challenges from UEM.

If a user's device is out of coverage, turned off, or has a dead battery, it cannot respond to attestation challenges. In these circumstances, UEM will consider the device to be out of compliance and will carry out the actions you've configured in the assigned compliance profile.