Robbie Small

How were you looking to implement this? I have implemented the server but some of the cert verifications get pretty hairy. Mostly the following: > - Extract the SSL certificate...

Hey guys, Sorry for taking a while to respond to this thread. You can verify that the request came from google by verifying the cert chain and that the leaf...

Hey @khalid64927, Without diving too far into the code snippit I just wanted to ask some quick questions/give some comments: 1. It seems like you are only doing leaf and...

@khalid64927 > I'm not doing the cert chain validation yet for that I suppose simply check for public keys in cert chain, but This will be problem in case google...

@bob-seeger I believe that the SHA-256 hash of any apps signing cert can be obtained by running `keytool -list -printcert -jarfile /path/to/file.apk`. I don't see any issue with someone getting...

One note -- you can use Google's Android Device Verification API instead of doing the 3 bullet points above. Keep in mind that calls are rate limited to the Device...

In testing, I noticed back and forth results for Android N devices when Android N was in beta FWIW.