我正在尝试使用https://developer.android.com/training/safetynet/safebrowsing.html上的安全浏览指南来实现一个简单的 URL 请求签入 Android,以获取某些 URL 的恶意软件或网络钓鱼威胁。
我正在使用一个片段(用于选项卡式活动)来实现 API,它应该检索带有恶意软件站点信息的请求,但始终是恶意站点不是真正威胁的响应。
例如这个网站:http://malware.testing.google.test/testing/malware/ 使用透明度报告工具:https ://transparencyreport.google.com/safe-browsing/search?url=http:%2F% 2Fmalware.testing.google.test%2Ftesting%2Fmalware%2F显示该站点是恶意的,但在我的应用程序中显示该站点是受信任的站点。
这是我的代码:
public class ThreatList extends Fragment{
@Override
public void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
}
@Override
public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
View view = inflater.inflate(R.layout.fragment_threat, container, false);
new LoadThreatData().execute();
return view;
}
@Override
public void onResume(){
super.onResume();
}
@SuppressLint("StaticFieldLeak")
private class LoadThreatData extends AsyncTask<Void, Integer, Void>{
@Override
protected Void doInBackground(Void... voids) {
SafetyNet.getClient(getActivity()).initSafeBrowsing();
Log.d("Threats", "init");
return null;
}
@Override
protected void onPostExecute(Void result){
String url = "http://malware.testing.google.test/testing/malware/"; //"go.trackmyclicks202.com";//"http://ianfette.org/"; //"http://malware.wicar.org/data/eicar.com";
SafetyNet.getClient(getActivity()).lookupUri(
url,
"MY_API_KEY_FROM_GOOGLE_DEVELOPERS_CONSOLE",
SafeBrowsingThreat.TYPE_POTENTIALLY_HARMFUL_APPLICATION,
SafeBrowsingThreat.TYPE_SOCIAL_ENGINEERING)
.addOnSuccessListener(getActivity(), new OnSuccessListener<SafetyNetApi.SafeBrowsingResponse>() {
@Override
public void onSuccess(SafetyNetApi.SafeBrowsingResponse sbResponse) {
// Indicates communication with the service was successful.
// Identify any detected threats.
if (sbResponse.getDetectedThreats().isEmpty()) {
// No threats found.
Log.e("Threats", "no threats found");
Toast.makeText(
getActivity(),
"no threats",
Toast.LENGTH_SHORT)
.show();
//always get in here
} else {
// Threats found!
Log.e("Threats", sbResponse.toString());
Toast.makeText(
getActivity(),
sbResponse.toString(),
Toast.LENGTH_SHORT)
.show();
}
}
})
.addOnFailureListener(getActivity(), new OnFailureListener() {
@Override
public void onFailure(@NonNull Exception e) {
// An error occurred while communicating with the service.
if (e instanceof ApiException) {
// An error with the Google Play Services API contains some
// additional details.
ApiException apiException = (ApiException) e;
Log.d(TAG, "Error: " + CommonStatusCodes
.getStatusCodeString(apiException.getStatusCode()));
Toast.makeText(
getActivity(),
"error1",
Toast.LENGTH_SHORT)
.show();
// Note: If the status code, apiException.getStatusCode(),
// is SafetyNetstatusCode.SAFE_BROWSING_API_NOT_INITIALIZED,
// you need to call initSafeBrowsing(). It means either you
// haven't called initSafeBrowsing() before or that it needs
// to be called again due to an internal error.
} else {
// A different, unknown type of error occurred.
Log.d(TAG, "Error: " + e.getMessage());
Toast.makeText(
getActivity(),
"error2",
Toast.LENGTH_SHORT)
.show();
}
}
});
}
}
}
在gradle中使用:
compile 'com.google.android.gms:play-services-safetynet:11.8.0'
在清单中放置权限:
<uses-permission android:name="android.permission.INTERNET" />
我不知道自己做错了什么,我使用的是最新版本的 V4 API,但无论使用什么 URL,始终显示它不是威胁,因此我不使用 V3 API 现在已弃用它。
API 已经启用,我得到了我的 API 密钥和所有必要的配置,但是在谷歌开发者控制台的 API 面板中显示特定 API 没有流量或使用情况,请帮忙!!!