Hi,

Starting in March 2018, Google Play will be adding a small amount of metadata to all apps, as discussed in this blog post. If you’re using the SafetyNet Attestation API for validation, there is a possibility that your app could stop working for some users. Please read our recommended course of action below.

What’s changing
The apkDigestSha256 value in the SafetyNet Attestation API response will be different from the original hash value of the APK that you previously uploaded to Google Play. This value will now be a hash of the APK that includes the new metadata.

Action recommended
If you are using the apkDigestSha256 field for validation, we recommend that you change your logic to use the apkCertificateDigestSha256 and apkPackageName instead. The certificate digest will become the most reliable way to verify your app’s APK based on the signing key. If you continue to use apkDigestSha256, your app might stop working for some users.

If you are unable to implement the above changes before March 2018 please complete this form.

Regards,
SafetyNet API Clients Team