1 page.title=Checking URLs with the Safe Browsing API 2 3 @jd:body 4 5 6 <div id="tb-wrapper"> 7 <div id="tb"> 8 <h2> 9 In this document 10 </h2> 11 12 <ol> 13 <li> 14 <a href="#tos">Terms of Service</a> 15 </li> 16 17 <li> 18 <a href="#api-key">Requesting and Registering an Android API Key</a> 19 <ol> 20 <li> 21 <a href="#manifest">Adding the Android API to your 22 AndroidManifest.xml</a> 23 </li> 24 </ol> 25 </li> 26 27 <li> 28 <a href="#connect-google-play">Connect to Google Play Services</a> 29 </li> 30 31 <li> 32 <a href="#url-check">Requesting a URL Check</a> 33 <ol> 34 <li> 35 <a href="#threat-types">Specifying threat types of interest</a> 36 </li> 37 38 <li> 39 <a href="#url-check-request">Send the URL check request</a> 40 </li> 41 42 <li> 43 <a href="#url-check-response">Read the URL check response</a> 44 </li> 45 </ol> 46 </li> 47 48 <li> 49 <a href="#warning-lang">Suggested Warning Language</a> 50 </li> 51 </ol> 52 </div> 53 </div> 54 55 <p> 56 SafetyNet provides services for determining whether a URL has been marked as 57 a known threat by Google. 58 </p> 59 60 <p> 61 The service provides an API your app can use to determine whether a 62 particular URL has been classified by Google as a known threat. Internally, 63 SafetyNet implements a client for the Safe Browsing Network Protocol v4 64 developed by Google. Both the client code and the v4 network protocol were 65 designed to preserve users' privacy, as well as keep battery and bandwidth 66 consumption to a minimum. This API allows you to take full advantage of 67 Google's Safe Browsing service on Android in the most resource-optimized way, 68 and without having to implement its network protocol. 69 </p> 70 71 <p> 72 This document shows you how to use SafetyNet for checking a URL for threat 73 types of interest. 74 </p> 75 76 <h2 id="tos"> 77 Terms of Service 78 </h2> 79 80 <p> 81 By using the Safe Browsing API, you consent to be bound by the <a href= 82 "https://developers.google.com/safe-browsing/terms">Terms of Service</a>. 83 Please read and understand all applicable terms and policies before accessing 84 the Safe Browsing API. 85 </p> 86 87 <h2 id="api-key"> 88 Requesting and Registering an Android API Key 89 </h2> 90 91 <p> 92 To create an API key, complete the following steps: 93 </p> 94 95 <ol> 96 <li>Go to the <a href="https://console.developers.google.com/project" 97 class="external-link">Google Developers Console</a>. 98 </li> 99 100 <li>On the upper toolbar, choose <strong>Select a project > 101 <em>your-project-name</em></strong>. 102 </li> 103 104 <li>In the search box, enter <em>Safe Browsing APIs</em>; when the Safe 105 Browsing API name appears in the table, select it. 106 </li> 107 108 <li>After the page redisplays, select <strong>Enable</strong> then select 109 <strong>Go to Credentials</strong>. 110 </li> 111 112 <li>When the <em>Add credentials to your project</em> window appears, choose 113 your parameters then select <strong>What credentials do I need?</strong>. 114 </li> 115 116 <li>Enter a name for your API key then select <strong>Create API 117 key</strong>. 118 </li> 119 120 <li> 121 <p> 122 Your new API key appears; copy and paste this key for future use. 123 </p> 124 125 <p class="note"> 126 <strong>Note:</strong> Your API key allows you to perform a URL check 127 10,000 times each day. The key, in this instance, should just be a 128 hexadecimal string, not part of a URL. 129 </p> 130 </li> 131 132 <li>Select <strong>Done</strong> to complete the process. 133 </li> 134 </ol> 135 136 <p> 137 If you need more help, check out the <a href= 138 "https://developers.google.com/console/help/new/">Google Developers Console 139 Help Center</a>. 140 </p> 141 142 <h3 id="manifest"> 143 Adding the Android API key to your AndroidManifest.xml 144 </h3> 145 146 <p> 147 Once your key has been whitelisted, you need to add the key to the 148 <code>AndroidManifest.xml</code> file for your app: 149 </p> 150 151 <pre> 152 <application> 153 154 ... 155 156 <!-- SafetyNet API metadata --> 157 <meta-data android:name="com.google.android.safetynet.API_KEY" 158 android:value="<var>your-API-key</var>" /> 159 160 ... 161 162 </application> 163 </pre> 164 <h2 id="connect-google-play"> 165 Connect to Google Play Services 166 </h2> 167 168 <p> 169 The SafetyNet API is part of Google Play services. To connect to the API, you 170 need to create an instance of the Google Play services API client. For 171 details about using the client in your app, see <a href= 172 "https://developers.google.com/android/guides/api-client#Starting">Accessing 173 Google APIs</a>. Once you have established a connection to Google Play 174 services, you can use the Google API client classes to connect to the 175 SafetyNet API. 176 </p> 177 178 <p> 179 To connect to the API, in your activity's <code><a href= 180 "{@docRoot}reference/android/app/Activity.html#onCreate(android.os.Bundle)">onCreate()</a></code> 181 method, create an instance of Google API Client using <code><a href= 182 "https://developers.google.com/android/reference/com/google/android/gms/common/api/GoogleApiClient.Builder"> 183 GoogleApiClient.Builder</a></code>. Use the builder to add the SafetyNet API, 184 as shown in the following code example: 185 </p> 186 187 <pre> 188 protected synchronized void buildGoogleApiClient() { 189 mGoogleApiClient = new GoogleApiClient.Builder(this) 190 .addApi(SafetyNet.API) 191 .addConnectionCallbacks(myMainActivity.this) 192 .build(); 193 } 194 </pre> 195 <p class="note"> 196 <strong>Note:</strong> You can only call these methods after your app has 197 established a connection to Google Play services by receiving the <code> 198 <a href="https://developers.google.com/android/reference/com/google/android/gms/common/api/GoogleApiClient.ConnectionCallbacks#public-methods"> 199 onConnected()</a></code> callback. For details about listening for a completed 200 client connection, see <a href= 201 "https://developers.google.com/android/guides/api-client#Starting">Accessing 202 Google APIs</a>. 203 </p> 204 205 <h2 id="url-check"> 206 Requesting a URL Check 207 </h2> 208 209 <p> 210 A URL check allows your app to determine if a URL has been marked as a threat 211 of interest. Some threat types may not be of interest to your particular 212 app, and the API allows you to choose which threat types are important for 213 your needs. You can specify multiple threat types of interest. 214 </p> 215 216 <h3 id="threat-types"> 217 Specifying threat types of interest 218 </h3> 219 220 <p> 221 The constants in the {@code SafeBrowsingThreat} class contain the 222 currently-supported threat types: 223 </p> 224 225 <pre> 226 package com.google.android.gms.safetynet; 227 228 public class SafeBrowsingThreat { 229 230 /** 231 * This threat type identifies URLs of pages that are flagged as containing potentially 232 * harmful applications. 233 */ 234 public static final int TYPE_POTENTIALLY_HARMFUL_APPLICATION = 4; 235 236 /** 237 * This threat type identifies URLs of pages that are flagged as containing social 238 * engineering threats. 239 */ 240 public static final int TYPE_SOCIAL_ENGINEERING = 5; 241 } 242 </pre> 243 <p> 244 When using the API, you must use constants that are not marked as deprecated. 245 You add threat type constants as arguments to the API. You may add as many 246 threat type constants as is required for your app. 247 </p> 248 249 <h3 id="url-check-request"> 250 Send the URL check request 251 </h3> 252 253 <p> 254 The API is agnostic to the scheme used, so you can pass the URL with or 255 without a scheme. For example, either 256 </p> 257 258 <pre> 259 String url = "https://www.google.com"; 260 </pre> 261 <p> 262 or 263 </p> 264 265 <pre> 266 String url = "www.google.com"; 267 </pre> 268 <p> 269 is valid. 270 </p> 271 272 <pre> 273 SafetyNet.SafetyNetApi.lookupUri(mGoogleApiClient, url, 274 SafeBrowsingThreat.TYPE_POTENTIALLY_HARMFUL_APPLICATION, 275 SafeBrowsingThreat.TYPE_SOCIAL_ENGINEERING) 276 .setResultCallback( 277 new ResultCallback<SafetyNetApi.SafeBrowsingResult>() { 278 279 @Override 280 public void onResult(SafetyNetApi.SafeBrowsingResult result) { 281 Status status = result.getStatus(); 282 if ((status != null) && status.isSuccess()) { 283 // Indicates communication with the service was successful. 284 // Identify any detected threats. 285 if (result.getDetectedThreats().isEmpty()) { 286 287 } 288 } else { 289 // An error occurred. Let the user proceed without warning. 290 } 291 } 292 }); 293 </pre> 294 <h3 id="url-check-response"> 295 Read the URL check response 296 </h3> 297 298 <p> 299 The result is provided as a list of {@code SafeBrowsingThreat} objects by 300 calling the {@code SafetyNetApi.SafeBrowsingResult.getDetectedThreats()} 301 method of the returned {@code SafetyNetApi.SafeBrowsingResult} object. If the 302 list is empty, no threats were detected; otherwise, calling {@code 303 SafeBrowsingThreat.getThreatType()} on each element in the list enumerates 304 the threats that were detected. 305 </p> 306 307 <h2 id="warning-lang"> 308 Suggested Warning Language 309 </h2> 310 311 <p> 312 Please see the Safe Browsing API Developer's Guide for <a href= 313 "https://developers.google.com/safe-browsing/v4/usage-limits#suggested--warning-language"> 314 suggested warning language</a>. 315 </p>
