FIX Timeout for ANDROID_SAFETYNET_ATTESTATION #52
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What is this PR for?
This pull request is intended to fix a critical issue in the timestamp validation logic used in the SafetyNet attestation process for Android devices. The adjustment ensures the validity period check is accurate and compliant with security standards.
Overview or reasons
The existing code used to validate the timestamp in SafetyNet attestation had an error in the multiplication factor, resulting in a shorter threshold than intended. Specifically, the condition mistakenly used 60 * 100 milliseconds (6 seconds), whereas it should be 60 * 1000 milliseconds (60 seconds or 1 minute). This discrepancy could lead to premature rejection of valid attestations.
Tasks
Code Correction: Modified the multiplier in the timestamp validation from 100 to 1000, correcting the threshold from 6000 milliseconds to 60000 milliseconds.
Result
The correction to the timestamp validation logic now ensures that the threshold is set correctly at 60000 milliseconds (1 minute). This fix aligns the implementation with the intended security specifications and prevents the erroneous rejection of valid SafetyNet attestations. The functionality has been confirmed through thorough unit testing.