I call: mSafetyNetClient.attest(nonce, apiKey)
and I send in my nonce and API Key. Basically it seems to only work when I have the API Key unrestricted. If I restrict it to only android apps, it stops working.
Why is that and how do I get it to work with android apps restriction?
Thanks for reading.
Here's the answer that I found on a similarly asked question. Enjoy! :)
I've contacted a friend of mine at Google, and he reached out to their team. This is currently not supported - there's no way to get this API restricted with the SHA1 fingerprint. It's on their internal roadmap to accommodate this, but for now it won't work.
If you go to their quota request page you can see that they specifically say not to use any form of API key restrictions.