From 16f0a12891d06d35eddb578f4f4cf669cd603e5f Mon Sep 17 00:00:00 2001 From: Hakuro Matsuda Date: Thu, 2 Feb 2017 18:46:21 +0900 Subject: [PATCH] Update README.md Added note not to use the verification API in the production scenario. --- server/README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/server/README.md b/server/README.md index 83b6a51..1094785 100644 --- a/server/README.md +++ b/server/README.md @@ -1,4 +1,5 @@ -Server SafetyNet Samples + +SafetyNet Samples =================================== This sample demonstrates how to verify the response received from the SafetyNet service. @@ -6,7 +7,7 @@ This sample demonstrates how to verify the response received from the SafetyNet It shows how to extract the compatibility check response from the JWS message, validate its SSL certificate chain, hostname and signature. This check can be done completely offline (See `OfflineVerify.java`) or by using the _Android Verification API_ to verify the content and signature of the response (see `OnlineVerify`). This REST API requires you to register at the Google Developers console and register for an API key. Detailed steps are available [in the documentation] under _Validating the response with Google APIs_. - +Note: The API is rate-limited. For the reason, you should use the API only for testing during the initial development stage. You shouldn't use this verification API in a production scenario. Note that this sample only provides a basic overview over the verification process and does not cover all possibilities. For example,it is reccomended to always verify the nonce in the request as well. This sample also does not show the app-to-server communication. @@ -52,7 +53,6 @@ Runing the Samples * Retrieve a signed statement from the Android app and copy it to your machine. (You can use the "Share Result" option.) * Build this server component and provide the signed statement as input. - Support ------- 
@@ -83,4 +83,4 @@ License for the specific language governing permissions and limitations under the License. [key]: https://developer.android.com/training/safetynet/index.html#verify-compat-check "See Validating the response with Google APIs" -[replay-attack]:https://en.wikipedia.org/wiki/Replay_attack \ No newline at end of file +[replay-attack]:https://en.wikipedia.org/wiki/Replay_attack
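Review bot: In the first hunk of server/README.md (@@ -1,4 +1,5 @@), the title loses the word "Server" and gains a blank line above it, and the commit message mentions neither change. The file lives under server/ and describes the server-side verification sample, so keep "Server SafetyNet Samples" as the first line of the file, or say in the commit message that the rename is intended.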
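Review bot: In the @@ -6,7 +7,7 @@ hunk, the added "Note:" line takes the place of the blank line that separated "Detailed steps are available ..." from "Note that this sample only provides ...", so the new note risks being rendered as part of the surrounding paragraphs. Keep the blank line before the note and add one after it. The wording also needs tightening: "For the reason" should read "For this reason", and "the API" should name the Android Verification API (`OnlineVerify`) explicitly. Since the README already describes the fully offline check in `OfflineVerify.java`, the note should point to it as the path to use outside of testing, so readers are not left without an alternative.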
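Review bot: In the @@ -52,7 +53,6 @@ hunk, the blank line removed just above the "Support" heading is a whitespace change unrelated to the note this commit adds. Drop it from the patch, or confirm that a blank line still separates the heading from the bullet list above it, because an underlined heading placed directly after a list item can be absorbed into that item instead of rendering as a heading.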