Google SafetyNet API Key
Service Name: Google SafetyNet
Service Description: Google SafetyNet is a service that helps app developers assess the security and compatibility of the Android environments in which their apps run. It provides a set of services and APIs that help protect your app against security threats, including device tampering, bad URLs, potentially harmful apps, and fake users.
Service Address: https://developer.android.com/training/safetynet
Validation Type: API Auth
IP Allow list: Does not exist at the secret level, but can be restricted through Google Cloud Console API restrictions.
Secret Access Scope: Grants access to Google SafetyNet APIs, including attestation, safe browsing, and reCAPTCHA verification services.
Secret Revokement URL: https://console.cloud.google.com/apis/credentials
Secret Example: AIzaSyD_8t7vegeHYKZgldwGwfQjU_mZZjgwdfQ
Suspicious Activity Investigation Instructions:
- Review Google Cloud Console API usage metrics for unusual spikes in SafetyNet API calls.
- Check for API calls from unexpected geographic locations or devices.
- Monitor for unauthorized attestation verification requests.
- Review billing information for unexpected charges related to SafetyNet API usage.
- Check application logs for integration with unexpected or unauthorized apps.
Mitigation Instructions:
- Log in to the Google Cloud Console at https://console.cloud.google.com/.
- Navigate to "APIs & Services" > "Credentials".
- Locate the compromised API key in the list.
- Click the trash icon to delete the key, or click on the key to restrict its usage.
- Create a new API key with appropriate restrictions (Android apps, IP addresses, etc.).
- Update your applications with the new API key.
- Consider implementing API key rotation policies for regular security maintenance.
- Apply appropriate API restrictions to limit usage to specific Android applications, IP addresses, or websites.