App Signing Certificates

My team is in the process of adding the SafetyNet Attestation API for our Google Play Store apps to ensure authenticity of our apps (see here).

The certificate has a SHA256 code as a fingerprint of the certificate.

Has anyone built this into the mobile contexts schema or a custom context, or made an enrichment to alert when people are using cracked versions of your app?

This sounds like a use case for pairing a custom context with a custom enrichment as well.

I’d avoid tying it to mobile context because the API is unique to Android and you’ll likely want some control of how often you fire this event (e.g., on app load versus every app event). It sounds like the signed response is a good candidate for being sent in its own schema (by the app) and then having an additional “server side” process during enrichment that verifies the signature sent by the client (and perhaps sets a boolean “verified” flag in the data).
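As an added illustration of the server-side step the reply describes (example code written for this page, not from the thread or from Snowplow), here is what the enrichment-side verifier would do with the JWS the app forwards. It assumes the claim names of the SafetyNet attestation payload (nonce, timestampMs, apkPackageName, apkCertificateDigestSha256, ctsProfileMatch, basicIntegrity), that the server compares the reported signing-certificate digest against the SHA-256 of its own release certificate in the same base64 form SafetyNet reports, and a 10-minute freshness window, which is a policy choice. `VerifyAttestation` and `MintFixture` are names chosen here; `MintFixture` is a constructed stand-in that signs a JWS of the same shape with a self-signed certificate so the example runs offline, whereas in production the root pool would hold Google's roots and the x5c chain would be Google's.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// Attestation is the subset of SafetyNet JWS payload claims the enrichment inspects.
type Attestation struct {
	Nonce                      string   `json:"nonce"`
	TimestampMs                int64    `json:"timestampMs"`
	ApkPackageName             string   `json:"apkPackageName"`
	ApkCertificateDigestSha256 []string `json:"apkCertificateDigestSha256"`
	CtsProfileMatch            bool     `json:"ctsProfileMatch"`
	BasicIntegrity             bool     `json:"basicIntegrity"`
}

var b64 = base64.RawURLEncoding // JWS segments are unpadded base64url

// VerifyAttestation is the server-side check: chain the x5c leaf to a trusted root for
// attest.android.com, verify the RS256 signature over header.payload, then compare the
// claims with what the server knows on its own. The boolean is the "verified" flag.
func VerifyAttestation(jws, nonce, pkg, certDigest string, roots *x509.CertPool, now time.Time) (bool, string) {
	parts := strings.Split(jws, ".")
	var hdr struct{ Alg string; X5c []string } // encoding/json matches "alg"/"x5c" case-insensitively
	raw, err := b64.DecodeString(parts[0])
	if len(parts) != 3 || err != nil || json.Unmarshal(raw, &hdr) != nil || hdr.Alg != "RS256" || len(hdr.X5c) == 0 {
		return false, "malformed JWS or bad header (need alg RS256 and an x5c chain)" // never honour a client-chosen alg
	}
	var chain []*x509.Certificate // x5c entries are standard base64 DER, leaf first
	for _, c := range hdr.X5c {
		der, _ := base64.StdEncoding.DecodeString(c)
		cert, err := x509.ParseCertificate(der)
		if err != nil {
			return false, "bad x5c certificate"
		}
		chain = append(chain, cert)
	}
	inter := x509.NewCertPool()
	for _, c := range chain[1:] {
		inter.AddCert(c)
	}
	if _, err := chain[0].Verify(x509.VerifyOptions{DNSName: "attest.android.com", Roots: roots, Intermediates: inter, CurrentTime: now}); err != nil {
		return false, "untrusted chain: " + err.Error()
	}
	pub, ok := chain[0].PublicKey.(*rsa.PublicKey)
	sig, err := b64.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ok || err != nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return false, "signature mismatch"
	}
	var att Attestation
	if raw, err = b64.DecodeString(parts[1]); err != nil || json.Unmarshal(raw, &att) != nil {
		return false, "bad payload"
	}
	switch { // nonce + timestamp stop replay; package + digest catch re-signed (cracked) builds
	case att.Nonce != nonce || now.Sub(time.UnixMilli(att.TimestampMs)).Abs() > 10*time.Minute:
		return false, "nonce mismatch or stale timestamp (replayed response?)"
	case att.ApkPackageName != pkg || len(att.ApkCertificateDigestSha256) != 1 || att.ApkCertificateDigestSha256[0] != certDigest:
		return false, "package name or signing certificate mismatch (re-signed or cracked build?)"
	case !att.BasicIntegrity || !att.CtsProfileMatch:
		return false, "device integrity failed"
	}
	return true, "ok"
}

// MintFixture is a constructed stand-in, not a real SafetyNet response: a self-signed cert for attest.android.com plays Google's chain.
func MintFixture(att Attestation) (string, *x509.CertPool) {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "attest.android.com"}, DNSNames: []string{"attest.android.com"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	cert, _ := x509.ParseCertificate(der)
	hdr, _ := json.Marshal(map[string]interface{}{"alg": "RS256", "x5c": []string{base64.StdEncoding.EncodeToString(der)}})
	body, _ := json.Marshal(att)
	input := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	return input + "." + b64.EncodeToString(sig), roots
}

func main() {
	jws, roots := MintFixture(Attestation{Nonce: "n-1", TimestampMs: time.Now().UnixMilli(), ApkPackageName: "com.example.app", ApkCertificateDigestSha256: []string{"release-cert-digest"}, CtsProfileMatch: true, BasicIntegrity: true})
	fmt.Println(VerifyAttestation(jws, "n-1", "com.example.app", "release-cert-digest", roots, time.Now()))   // genuine build: true ok
	fmt.Println(VerifyAttestation(jws, "n-1", "com.example.app", "attackers-cert-digest", roots, time.Now())) // re-signed build: false plus the mismatch reason
}
```

The part that actually catches a cracked build is not the signature check on its own: a repackaged APK can forward a perfectly valid, Google-signed response, so the enrichment also has to confirm the chain ends at attest.android.com, that the nonce is one the server issued for this event, and that the reported package name and signing-certificate digest are the server's own. Keying the "verified" flag on all of those, rather than on the signature alone, is what makes it useful for alerting.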
