Angular 4.1.0 Now Available

25 April 2017

 

Angular version 4.1.0 - is now available. This is a minor release following our announced adoption of Semantic Versioning, meaning that it contains no breaking changes and that it is a drop-in replacement for 4.x.x.

What's new?

  • Version 4.1 adds full support for TypeScript 2.2 and 2.3. Developers previously reported good experiences with TypeScript 2.2 and 2.3, but Angular is now built with TypeScript 2.3. This does not affect our support for TypeScript 2.1 which shipped with 4.0.
  • Angular is now compliant with TypeScript’s StrictNullChecks. This means that you can enable StrictNullChecks in your project, if desired.

SafetyNet attestation, a building block for anti-abuse

24 April 2017

 

Building innovative security features for Android app developers and their users continues to be a priority. As part of this effort, we provide SafetyNet attestation, an API for developers to remotely evaluate whether they are talking to a genuine Android device.

SafetyNet examines software and hardware information on the device to assess its integrity. The result is a cryptographically signed statement, attesting basic properties of the device — such as overall integrity and compatibility with Android (CTS) — as well as metadata about your app, such as its package name and signature. The following JSON snippet shows an example of how the API reports this information:

{ "nonce": "R2Rra24fVm5xa2Mg", "timestampMs": 9860437986543, "apkPackageName": "com.package.name.of.requesting.app", "apkCertificateDigestSha256": ["base64 encoded, SHA-256 hash of the certificate used to sign requesting app"], "apkDigestSha256": "base64 encoded, SHA-256 hash of the app's APK", "ctsProfileMatch": true, "basicIntegrity": true, }

 

The contents of an example attestation response, providing information about the calling app and the integrity and compatibility of the device.

The SafetyNet attestation API can help your server distinguish traffic coming from genuine, compatible Android devices from traffic coming from less-trusted sources, including non-Android devices. This classification helps you better understand the risks associated with each device so that you can fine-tune preventive or mitigative actions in case of abuse or misbehavior.

We encourage developers to use SafetyNet attestations to augment their anti-abuse strategy. Combine SafetyNet attestation with other signals, such as your existing device-side signals and behavioral signals about what the user is trying to do, in order to build robust, multi-tier protection systems.


Quick Quote