search

okta / okta-devices-kotlin

okta-devices-kotlin
https://github.com/okta/okta-devices-kotlin
Apache License 2.0
5 stars 3 forks source link

Usage of deprecated SafetyNet Attestation API #65

Open yahia-allam opened 5 months ago

yahia-allam commented 5 months ago

Describe the bug?

The Play Store is reporting that SafetyNet Attestation API is deprecated and soon will be shut down. Our app is getting the following warning in the screenshot, because of the dependency com.google.android.gms:play-services-safetynet:18.0.1. Which is a dependency of com.okta.devices:devices-push:1.1.0

Screenshot 2024-03-28 at 11 31 26

What is expected to happen?

To use non-deprecated API

What is the actual behavior?

Usage of a deprecated API

Reproduction Steps?

Using latest version of the library com.okta.devices:devices-push:1.1.0

Additional Information?

No response

SDK Version and Artifact(s) used.

SDK Version 1.1.0

Build Information

No response

HansReich commented 5 months ago

Thank you for flagging this to us. Push SDK does not actually use safetynet so production will not be impacted by this even after deprecation. We understand getting flagged for it is annoying and may have Play Store implications for updates, however, so will look into this. The library was pulled in by a shared dependency with another feature outside of Push.

FeiChen-okta commented 5 months ago

@yahia-allam We'll remove it from the devices-push library . In the meantime you can remove it with:

    implementation("com.okta.devices:devices-push:1.1.0") {
        exclude(group = "com.google.android.gms", module = "play-services-safetynet")
    }