New Blog: Duo Leverages Google’s SafetyNet to Establish Hardware-Backed Device Trust


In this modern age of security, trusting your users is not enough – you must also establish trust in all devices across your ecosystem. The best way to establish trust in your users’ devices is to use hardware-backed cryptographic properties, but how can you trust the devices in your ecosystem when attackers are able to obtain root access by exploiting known vulnerabilities, and root detection is becoming increasingly difficult?

Google is paving the way for hardware-backed cryptographic device attestation on Android with their SafetyNet API. The API determines if a device is in a normal, functional state.

As a fast-paced security company, we’re heavily invested in Trusted Access and Trusted Devices is a crucial pillar of Trusted Access. Duo’s Platform Edition allows administrators to set policies to only allow trusted devices to access their company’s sensitive data. In order for a device to be trusted, it cannot be tampered. Duo’s tamper detection not only includes standard rooted/jailbroken detection, but it also utilizes Google’s SafetyNet API for identifying tampered Android devices.

We will start rolling out our enhanced tamper detection as early as later this month and would love to see more industry leaders adopt hardware-backed remote attestation too. If you are already a Platform Edition customer and are utilizing our existing root detection, you will start taking advantage of SafetyNet by default.

Learn more in this blog by Robbie Small.