我正在尝试使用https://developer.android.com/training/safetynet/safebrowsing.html上的安全浏览指南实施一个简单的URL请求签入Android,以获取某些URL的恶意软件或网络钓鱼威胁。
我正在使用片段(用于标签式活动)来实现API,它应该检索带有恶意软件站点信息的请求,但始终是恶意站点不是真正威胁的响应。
例如此网站:http://malware.testing.google.test/testing/malware/ 使用透明度报告工具:https://transparencyreport.google.com/safe-browsing/search?url=http:%2F%2Fmalware.testing.google.test%2Ftesting%2Fmalware%2F显示该网站是恶意的,但在我的应用中显示该网站是受信任的网站。
这是我的代码:
public class ThreatList extends Fragment{
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
}
@Override
public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
View view = inflater.inflate(R.layout.fragment_threat, container, false);
new LoadThreatData().execute();
return view;
}
@Override
public void onResume(){
super.onResume();
}
@SuppressLint("StaticFieldLeak")
private class LoadThreatData extends AsyncTask<Void, Integer, Void>{
@Override
protected Void doInBackground(Void... voids) {
SafetyNet.getClient(getActivity()).initSafeBrowsing();
Log.d("Threats", "init");
return null;
}
@Override
protected void onPostExecute(Void result){
String url = "http://malware.testing.google.test/testing/malware/"; //"go.trackmyclicks202.com";//"http://ianfette.org/"; //"http://malware.wicar.org/data/eicar.com";
SafetyNet.getClient(getActivity()).lookupUri(
url,
"MY_API_KEY_FROM_GOOGLE_DEVELOPERS_CONSOLE",
SafeBrowsingThreat.TYPE_POTENTIALLY_HARMFUL_APPLICATION,
SafeBrowsingThreat.TYPE_SOCIAL_ENGINEERING)
.addOnSuccessListener(getActivity(), new OnSuccessListener<SafetyNetApi.SafeBrowsingResponse>() {
@Override
public void onSuccess(SafetyNetApi.SafeBrowsingResponse sbResponse) {
// Indicates communication with the service was successful.
// Identify any detected threats.
if (sbResponse.getDetectedThreats().isEmpty()) {
// No threats found.
Log.e("Threats", "no threats found");
Toast.makeText(
getActivity(),
"no threats",
Toast.LENGTH_SHORT)
.show();
//always get in here
} else {
// Threats found!
Log.e("Threats", sbResponse.toString());
Toast.makeText(
getActivity(),
sbResponse.toString(),
Toast.LENGTH_SHORT)
.show();
}
}
})
.addOnFailureListener(getActivity(), new OnFailureListener() {
@Override
public void onFailure(@NonNull Exception e) {
// An error occurred while communicating with the service.
if (e instanceof ApiException) {
// An error with the Google Play Services API contains some
// additional details.
ApiException apiException = (ApiException) e;
Log.d(TAG, "Error: " + CommonStatusCodes
.getStatusCodeString(apiException.getStatusCode()));
Toast.makeText(
getActivity(),
"error1",
Toast.LENGTH_SHORT)
.show();
// Note: If the status code, apiException.getStatusCode(),
// is SafetyNetstatusCode.SAFE_BROWSING_API_NOT_INITIALIZED,
// you need to call initSafeBrowsing(). It means either you
// haven't called initSafeBrowsing() before or that it needs
// to be called again due to an internal error.
} else {
// A different, unknown type of error occurred.
Log.d(TAG, "Error: " + e.getMessage());
Toast.makeText(
getActivity(),
"error2",
Toast.LENGTH_SHORT)
.show();
}
}
});
}
}
}
在gradle中使用:
compile 'com.google.android.gms:play-services-safetynet:11.8.0'
在清单中放了许可:
<uses-permission android:name="android.permission.INTERNET" />
我不知道我做错了什么,我使用的是最新版本的V4 API,但无论使用什么网址,总是显示它不是威胁,因此我不赞成使用V3 API不要用它。
API已经启用,我获得了我的API密钥和所有必要的配置,但是在谷歌开发者控制台的API面板中显示特定API没有流量或用途,请帮助!