.png)
Device attestation is how you verify that an Android device is what it claims to be — that its hardware is genuine, its software hasn't been tampered with, its bootloader hasn't been unlocked, and it's running the expected OS version with the expected security patches. In a zero-trust security model, you don't grant access to corporate resources based on a username and password alone. You verify the device itself is trustworthy. An Android MDM platform uses attestation signals to make access decisions: is this device compliant? Is it compromised? Should it be allowed to reach sensitive data?
This matters more than most teams realize. A rooted Android device with a modified OS can intercept encrypted traffic, extract application data, bypass security controls, and impersonate a legitimate managed device. Without attestation, your MDM is trusting a device that says "I'm compliant" without verifying whether the device itself is trustworthy enough to make that claim.
What Attestation Actually Checks
Android device attestation verifies device integrity at multiple layers. The checks vary depending on which attestation mechanism is used, but the core signals are consistent.
Boot state: has the bootloader been unlocked? An unlocked bootloader means the OS can be modified — custom ROMs, root access, system-level modifications. For enterprise security, an unlocked bootloader is a red flag. Attestation reports whether the bootloader is locked (expected) or unlocked (investigation needed).
System integrity: is the system partition unmodified? Verified boot checks that each stage of the boot process loads the expected, signed code. If system files have been tampered with — malware that modifies the OS, a rootkit, or a custom ROM — verified boot detects it and attestation reports it.
OS version and patch level: which Android version and security patch date is the device running? This isn't just inventory data — in a zero-trust model, it's an access decision. A device running an OS version with known critical vulnerabilities might be denied access to sensitive resources even if all other checks pass.
Hardware identity: is the device genuine hardware from the claimed manufacturer? Or is it an emulator, a modified device spoofing its identity, or hardware that's been physically tampered with? Hardware-backed attestation verifies this using keys burned into the device at the factory that can't be extracted or cloned.
App integrity: is the expected MDM agent running, and has it been tampered with? Some attestation flows verify that the calling application (your MDM agent) is the genuine, unmodified version distributed through Managed Google Play.
Hardware-Backed Key Attestation
The most robust form of Android attestation uses hardware-backed keys stored in a Trusted Execution Environment (TEE) or StrongBox secure element. These keys are generated inside the secure hardware at the factory and never leave it. Not even the OS can extract them.
When your MDM platform requests an attestation, the device generates a cryptographic proof signed by the hardware-backed key. This proof includes the device's boot state, OS version, patch level, and security configuration. Because the proof is signed by a key that's bound to genuine hardware and can't be extracted, forged, or cloned, you can trust that the attestation data is accurate.
This is fundamentally different from software-based attestation, where the OS self-reports its state. Software-based attestation can be spoofed by a compromised device. Hardware-backed attestation can't — the secure element operates independently of the main processor and OS. Even if the OS is fully compromised, the attestation key and signing process remain trustworthy.
The practical implication: when your MDM receives a hardware-backed attestation showing a locked bootloader, verified boot, and current patches from an Android Enterprise enrolled device, you can trust that data. It's not the device's OS telling you it's fine — it's the device's tamper-resistant hardware proving it.
Play Integrity API
Google's Play Integrity API (which replaced SafetyNet Attestation) is the most widely used attestation mechanism for Android. Apps call the Play Integrity API, and Google returns a verdict about the device's integrity.
The verdict includes three signals. Device integrity: is this a genuine Android device that passes Play Protect certification? If the device is rooted, running a custom ROM, or is an emulator, this signal fails. App integrity: is the calling app the genuine version distributed through Google Play? This catches repackaged or modified apps. Account details: is the user signed in with a genuine Google account?
Play Integrity API verdicts are issued by Google's servers, not by the device itself. The device sends attestation data to Google, Google evaluates it against its database of known-good device profiles, and returns a verdict. This means Google's threat intelligence — knowledge of known-compromised device models, rooting methods, and spoofing techniques — is factored into the verdict.
The limitation: Play Integrity requires Google Play Services. Devices without Google Play Services (some custom enterprise Android builds, devices in China, AOSP builds) can't use Play Integrity. For these devices, hardware-backed key attestation through the MDM agent is the alternative.
Attestation in Zero-Trust Architecture
Zero trust means "never trust, always verify." Applied to Android device management, this means every device must continuously prove its trustworthiness — not just at enrollment, not just once a day, but at every access attempt.
The flow works like this. A managed Android device requests access to a corporate resource — an internal web app, a cloud service, an API. The access control system (identity provider, reverse proxy, or SASE/ZTNA solution) checks with MDM: is this device compliant? The MDM platform evaluates the device's current attestation status, patch level, policy compliance, and security posture. If everything passes, access is granted. If not, the device is redirected to remediation (update the OS, re-enroll, contact IT) or blocked.
This is where attestation becomes an active security control rather than passive monitoring. A device that was compliant yesterday might not be compliant today — the user rooted the device, the bootloader was unlocked, the OS was downgraded. Continuous attestation catches these state changes and revokes access before the compromised device can reach sensitive data.
MDM's role in this architecture is the enforcement point. The MDM agent on the device collects attestation data, the MDM server evaluates it against your compliance policies, and the MDM platform communicates the device's trust status to your access control infrastructure. Without MDM in the loop, your zero-trust architecture has a blind spot for device integrity.
Practical Implementation
Implementing attestation-based access control requires a few pieces to be in place.
MDM enrollment is the baseline. You can't attest a device you don't manage. Every Android device accessing corporate resources should be enrolled in your MDM platform — that's the non-negotiable starting point.
Define your trust requirements. What constitutes a "trusted" device for your organization? At minimum: locked bootloader, verified boot passing, OS version within a supported range, security patch within your compliance window, MDM agent installed and reporting. For higher-security environments: hardware-backed attestation required, no root detection, specific device models only.
Set compliance policies in your MDM that map to these trust requirements. Devices that fail attestation get flagged as non-compliant.
Integrate MDM with your access control infrastructure. Your identity provider or ZTNA solution should query MDM for device compliance status before granting access to corporate resources. This is the enforcement step — where attestation data turns into access decisions.
Monitor and respond. Attestation failures need investigation. A device with a suddenly unlocked bootloader didn't do that by accident. A device that stops passing Play Integrity after months of passing needs attention. MDM alerts on attestation state changes give your security team the signal to act.
Attestation Limitations and Edge Cases
Attestation is powerful but not infallible. Understanding its limitations prevents overreliance on any single signal.
Timing gaps. Attestation checks happen at specific intervals — during policy sync, at access request time, or on a scheduled cadence. Between checks, a device's state can change. A user who roots their device between attestation checks has a window where the device appears trusted but isn't. Shorter check intervals reduce this window but increase network traffic and battery impact.
Device support variation. Not all Android devices support hardware-backed attestation equally. Flagship devices from major manufacturers have StrongBox or TEE-backed attestation. Budget devices may only support software-based attestation, which is less tamper-resistant. Your attestation policy needs to account for fleet diversity — requiring hardware-backed attestation when your fleet includes devices that don't support it will generate false non-compliance.
Rooting sophistication. Advanced rooting methods (like Magisk with MagiskHide) specifically target attestation bypass. They attempt to hide root status from Play Integrity and other attestation mechanisms. Google continuously updates its detection, and hardware-backed attestation is much harder to bypass than software-based checks, but the cat-and-mouse game is ongoing. Defense in depth — combining attestation with other security signals (compliance checks, app integrity, behavioral analysis) — provides a more robust trust evaluation than any single attestation mechanism alone.
Network dependencies. Play Integrity API requires network connectivity to reach Google's servers. A device that's temporarily offline can't complete an attestation check. Your access control policies need to handle this gracefully — do you block access when attestation can't be verified, or do you allow access with a cached trust status? The answer depends on your risk tolerance and the sensitivity of the resources being accessed.
Custom Android builds. Devices running custom Android builds without Google Play Services (AOSP builds, some regional devices, heavily customized enterprise devices) can't use Play Integrity API. For these devices, you need an alternative attestation strategy — hardware-backed key attestation through the MDM agent, or device trust evaluation based on MDM policy compliance without Google's attestation infrastructure.
Despite these edge cases, attestation remains the strongest mechanism for verifying Android device integrity at scale. The key is using it as one layer in a defense-in-depth approach — combined with MDM policy compliance, security controls, patch verification, and continuous monitoring — rather than as the sole gatekeeper.
Getting Started with Attestation
If you're not currently using attestation-based access controls, here's a practical starting sequence.
Start with visibility. Enable attestation reporting in your MDM platform without tying it to access decisions. See which devices pass and which fail. Understand your fleet's baseline trust posture. You'll likely discover devices with unlocked bootloaders, outdated OS versions, or missing Play Services that would fail attestation — better to discover this before you enforce it.
Set compliance policies. Once you understand your fleet, create policies that flag non-compliant devices. A device with an unlocked bootloader gets a warning in the dashboard. A device that fails Play Integrity gets flagged. Don't block access yet — just create awareness.
Enable conditional access for sensitive resources. Start with your most sensitive applications — the ones that access financial data, customer PII, or production infrastructure. Require attestation for these resources. Less sensitive resources (general email, internal wiki) can have softer requirements.
Expand gradually. As your fleet reaches high compliance rates and your team is comfortable with the operational workflow, expand attestation requirements to more resources. The goal is full conditional access based on device trust — but getting there gradually prevents the operational disruption of blocking 20% of your fleet on day one.
Communicate with employees. If [BYOD devices](/blog/android-byod-work-profiles) are in scope, employees need to understand what attestation means for them. A device with an unlocked bootloader or custom ROM will fail attestation. If employees are expected to maintain devices in a trustworthy state, they need to know what that means and why it matters.
Device trust isn't a checkbox. It's a continuous evaluation. Attestation gives you the data. MDM gives you the enforcement. Together, they ensure that the Android devices accessing your corporate resources are genuinely what they claim to be — not compromised, not spoofed, and not running on a foundation you can't trust.
.webp)
