Skip to content
SDKs · AndroidComing soon

io.rootherald:rootherald

Kotlin SDK using Android Key Attestation (TEE / StrongBox). Like every other platform SDK it is a keyless evidence collector — it holds no RootHerald key and never renders a verdict. It collects an evidence blob over a nonce your backend issued; your backend relays that blob to the verify API, which appraises it.

Coming soon — in development

This SDK is planned and not yet available. Until it ships, mint attestation tokens on the device and verify them server-side with @rootherald/node (or any available server SDK). The API shown below is the planned surface and may change before release.

Install

settings.gradle.ktskotlin
dependencyResolutionManagement {
    repositories {
        google()
        mavenCentral()
    }
}
app/build.gradle.ktskotlin
dependencies {
    implementation("io.rootherald:rootherald:1.0.0")
    implementation("org.jetbrains.kotlinx:kotlinx-coroutines-android:1.7.3")
}

Attest a sign-up

The client is keyless — the constructor takes no key and no endpoint. It collects an evidence blob over a nonce your backend issued; your backend relays that blob to POST /api/v1/attestations/verify (using its rh_sk_ secret via a server SDK) and enforces the verdict. The verdict never travels through the app.

SignupViewModel.ktkotlin
import io.rootherald.RootHeraldClient

class SignupViewModel : ViewModel() {
    // Keyless: no api_key, no endpoint — nothing to connect to.
    private val client = RootHeraldClient()

    fun submitSignup(email: String, password: String) {
        viewModelScope.launch {
            // 1. Ask YOUR backend for a fresh challenge nonce (it called
            //    /api/v1/attestations/challenge with its rh_sk_ secret).
            val nonce = api.getChallengeNonce(action = "signup")

            // 2. Collect a keyless evidence blob on-device (no verdict, no
            //    call to RootHerald).
            val evidenceJson = client.collectEvidence(nonce)

            // 3. Relay the blob to your backend, which POSTs it to
            //    /attestations/verify and enforces the returned verdict.
            api.signup(email, password, evidence = evidenceJson)
        }
    }
}

StrongBox vs TEE

The SDK transparently picks the strongest available hardware backing. On devices with a StrongBox Keymaster, attestation cert chains are rooted in the dedicated security IC (Pixel 3+, recent Samsung Galaxy S series). On devices without StrongBox, the TEE-backed root is used. The hardware backing travels inside the collected evidence, so the server-side policy can require StrongBox via the tenant policy (see tpm-class-policy) and the verify response surfaces the backing in the device verdict returned to your backend.

Play Integrity coexistence

Root Herald is complementary to Play Integrity. Integrity attests the app binary and Play account state; Root Herald attests the device hardware via Key Attestation. Use both: the combined signal is stronger than either alone.

Sample app

A full single-screen sample app ships alongside the SDK when it is released.