Understanding Security Posture

  • securityPosture provides a security evaluation of a device based on its current status, considering factors like root access or custom ROMs.

  • The securityPosture includes devicePosture and postureDetails, where securityRisk indicates why a device isn't fully secure and advice suggests ways to improve security.

  • By default, securityPosture is evaluated using hardware-backed key attestation (HBKA) for a trustworthy verdict, though software-based evaluation is used if HBKA fails.

  • Understanding combinations of devicePosture and securityRisk helps interpret a device's overall security, including cases where HBKA fails or the device is potentially compromised.

  • The Android Management API provides mappings between its security posture verdicts and those of the Play Integrity API.

securityPosture is the security evaluation of a device, determined by the current device status. The current device status depends on factors such as whether the device has been rooted, whether it is running a custom ROM, and more.

securityPosture is broken down in the response into devicePosture and an additional list of postureDetails which contains the field securityRisk.

The securityRisk field indicates why the device is not considered to be in the most secure state, while the advice list suggests actions that can improve the security posture of the device. For example:

{
  "devicePosture": "POTENTIALLY_COMPROMISED",
  "postureDetails": [
    {
      "securityRisk": "UNKNOWN_OS",
      "advice": [
        {
          "defaultMessage": "The user should lock their device's bootloader."
        }
      ]
    },
    {
      "securityRisk": "HARDWARE_BACKED_EVALUATION_FAILED"
    }
  ]
}

Evaluating Security Posture

By default, securityPosture is evaluated using key attestation, specifically hardware-backed key attestation (HBKA) where applicable. HBKA provides a trustworthy security verdict because the attestation is generated and signed in secure hardware.

In some cases HBKA cannot be used for this evaluation. To reflect this, securityRisk returns "HARDWARE_BACKED_EVALUATION_FAILED". securityPosture can still be evaluated, but not with HBKA, so the device's boot integrity state could be compromised (e.g. the device could be rooted) and go undetected by software-based detection.

Understanding Security Posture Verdicts

Different combinations of devicePosture and securityRisk can be interpreted to understand the overall security of the device. Please be aware that the list below is not exhaustive:

  • If devicePosture returns "SECURE" and securityRisk returns "HARDWARE_BACKED_EVALUATION_FAILED", the device's integrity is secure, but this could not be confirmed by HBKA.
  • If devicePosture returns "POTENTIALLY_COMPROMISED" and no securityRisk result is returned, then HBKA was used in the evaluation and it considers the device compromised.
  • If devicePosture returns "POTENTIALLY_COMPROMISED" and securityRisk returns "HARDWARE_BACKED_EVALUATION_FAILED", then only software-based checks could be performed, yet the integrity threat signals are strong enough to consider the device compromised.
  • If devicePosture returns "POSTURE_UNSPECIFIED", then the security evaluation could not be completed. We recommend waiting for the re-issuance of the HBKA, which occurs when a new verdict is returned, to see if it can return a specific value. However, "POSTURE_UNSPECIFIED" is expected to occur for a short period of time on initial install.

Android Management API to Play Integrity API mappings

The following table maps each AM API verdict to its equivalent Play Integrity API verdict.

| AM API DevicePosture | AM API Posture.Detail.SecurityRisk | Play Integrity API verdict equivalent |
|---|---|---|
| SECURE | SECURITY_RISK_UNSPECIFIED | MEETS_STRONG_INTEGRITY |
| SECURE | contains: HARDWARE_BACKED_EVALUATION_FAILED | MEETS_DEVICE_INTEGRITY |
| AT_RISK | contains: HARDWARE_BACKED_EVALUATION_FAILED | MEETS_DEVICE_INTEGRITY |
| POTENTIALLY_COMPROMISED | contains: UNKNOWN_OS | MEETS_BASIC_INTEGRITY |
| POTENTIALLY_COMPROMISED | contains: COMPROMISED_OS | <unset> |
| POSTURE_UNSPECIFIED | <any> | <unset> |
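
The verdict combinations and the mapping table above can be applied to a securityPosture object in code. The following is an added example, not part of the Android Management API or its documentation. The function names, the NOT_IN_TABLE label, the handling of missing fields, and the precedence when both OS risks are present are assumptions.

```python
import json

HBKA_FAILED = "HARDWARE_BACKED_EVALUATION_FAILED"
UNSET = None                   # stands for the table's <unset>
NOT_IN_TABLE = "NOT_IN_TABLE"  # assumption: label for combinations the table omits

def play_integrity_equivalent(posture, risks):
    """Apply the mapping table rows to a devicePosture and a set of securityRisk values."""
    if posture == "POSTURE_UNSPECIFIED":
        return UNSET
    if posture == "SECURE" and not risks:
        return "MEETS_STRONG_INTEGRITY"
    if posture in ("SECURE", "AT_RISK") and HBKA_FAILED in risks:
        return "MEETS_DEVICE_INTEGRITY"
    if posture == "POTENTIALLY_COMPROMISED":
        # Assumption: if both OS risks are listed, the weaker verdict wins.
        if "COMPROMISED_OS" in risks:
            return UNSET
        if "UNKNOWN_OS" in risks:
            return "MEETS_BASIC_INTEGRITY"
    return NOT_IN_TABLE

def interpret_posture(security_posture):
    """Summarise a securityPosture object using the rules documented on this page."""
    # Assumption: an absent devicePosture is treated as POSTURE_UNSPECIFIED.
    posture = security_posture.get("devicePosture", "POSTURE_UNSPECIFIED")
    details = security_posture.get("postureDetails", [])
    # Assumption: a missing or SECURITY_RISK_UNSPECIFIED entry means "no risk reported".
    risks = {d["securityRisk"] for d in details
             if d.get("securityRisk", "SECURITY_RISK_UNSPECIFIED") != "SECURITY_RISK_UNSPECIFIED"}
    return {
        "devicePosture": posture,
        "risks": sorted(risks),
        # A verdict is hardware-backed only if one was produced and HBKA did not fail.
        "hardwareBacked": posture != "POSTURE_UNSPECIFIED" and HBKA_FAILED not in risks,
        "playIntegrityEquivalent": play_integrity_equivalent(posture, risks),
        "advice": [a["defaultMessage"] for d in details
                   for a in d.get("advice", []) if "defaultMessage" in a],
    }

# The example response shown earlier on this page.
SAMPLE = json.loads("""
{"devicePosture": "POTENTIALLY_COMPROMISED",
 "postureDetails": [
   {"securityRisk": "UNKNOWN_OS",
    "advice": [{"defaultMessage": "The user should lock their device's bootloader."}]},
   {"securityRisk": "HARDWARE_BACKED_EVALUATION_FAILED"}]}
""")

if __name__ == "__main__":
    print(json.dumps(interpret_posture(SAMPLE), indent=2))
```

A compliance check can use hardwareBacked to separate verdicts confirmed by HBKA from those that rest on software-based checks only.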