AndroidAttestationConfiguration

list of applications to be attested

optional parameter. If set, attestation enforces Android version to be greater or equal to this parameter. Caution: Major Android versions increment in steps of ten-thousands. I.e. Android 11 is specified as 110000 Can be overridden for individual apps

optional parameter. If set, attestation enforces Security patch level to be greater or equal to this parameter

optional parameter. Set to true if StrongBox security level should be required

optional parameter. Set to true if unlocked bootloaders should be allowed. Attention: Allowing unlocked bootloaders in production effectively defeats the purpose of app attestation. (but retains the ability to attest whether a key is securely stored in hardware) Useful for debugging/testing

optional parameter. Unsupported by most devices. See Official Documentation

optional parameter. Whether to ignore the timely validity of the leaf certificate (looking at you, Samsung!)

Manually specify the trust anchor for HW-attested certificate chains. Defaults to google HW attestation key. Overriding this set is useful for automated end-to-end tests, for example. The default trust anchors are accessible through GOOGLE_DEFAULT_HARDWARE_TRUST_ANCHORS

Manually specify the trust anchor for SW-attested certificate chains. Defaults to google SW attestation keys. Overriding this set is useful for automated end-to-end tests, for example. The default trust anchors are accessible through GOOGLE_SOFTWARE_TRUST_ANCHORS_UNTIL_A12

Entirely disable creation of a HardwareAttestationVerifier. Only change this flag, if you really know what you are doing!

Enables software attestation. A SoftwareAttestationVerifier can only be instantiated if this flag is set to true. Only change this flag, if you really know what you are doing! Enabling this flag, while keeping disableHardwareAttestation true makes is possible to instantiate both a HardwareAttestationVerifier and a SoftwareAttestationVerifier.