2 years ago

#130719

user18105458

Is it possible to forge a SafetyNet Attestation token/x509 certificate?

I was instructed to implement the SafetyNet Attestation API in an app and there were some concerns about verifying the token.

We created an endpoint that will return a nonce generated on the server side that will include the hash of a mix of information to be validated later.

We need to implement the token verifier to run on the server side, and it will basically be a copy and paste of OfflineVerify.java provided by Google here.

The issue is that I'm not sure whether one can forge this token/x509 certificate. According to the Attestation documentation, we need to check the host name in the certificate that should match attest.android.com and we can also validate other info present in the payload as well as the nonce.

I'm not an expert in cryptography/certificates but shouldn't we need to have a private key to validate the certificate?

Wouldn't it be possible for someone to create an x509 certificate, set its hostname to attest.android.com and the other fields to be just like the one returned from Google, and generate a genuine token that will pass OfflineVerify.java?

I'd really appreciate any insights on this.

Thanks

android

x509certificate

x509

safetynet

safetynet-api

0 Answers
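The check the question asks about, as an added example (not code from the post and not Google's OfflineVerify.java): a verifier that requires the leaf certificate to chain to a trusted root, match attest.android.com, and verify the signature with its public key, run against a genuine token, a self-signed look-alike, and a copied genuine certificate. Assumptions: the names `issue`, `verify` and `demo` are hypothetical, a constructed test root stands in for the server's trust store, and Ed25519 keys with a bare message and signature replace the JWS envelope for brevity, which says nothing about the algorithm real tokens use.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const host = "attest.android.com"

// issue builds a constructed test certificate for host (fixture errors ignored); nil parent = self-signed.
func issue(cn string, isCA bool, parent *x509.Certificate, pk ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn}, IsCA: isCA,
		BasicConstraintsValid: true, DNSNames: []string{host}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, pub, pk)
	c, _ := x509.ParseCertificate(der)
	return c, key
}

// verify uses public data only: leaf must chain to a trusted root, match host, and its key must verify sig.
func verify(msg, sig []byte, leaf *x509.Certificate, roots *x509.CertPool) error {
	if _, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return fmt.Errorf("chain: %w", err)
	}
	if pub, ok := leaf.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, msg, sig) {
		return fmt.Errorf("signature: not produced by the certified key")
	}
	return nil
}

func demo() (genuine, lookalike, copied error) {
	root, rootKey := issue("constructed test root", true, nil, nil)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	leaf, leafKey := issue(host, false, root, rootKey)
	fake, fakeKey := issue(host, false, nil, nil) // same names, but a key the forger generated
	msg := []byte(`{"nonce":"constructed"}`)
	try := func(k ed25519.PrivateKey, c *x509.Certificate) error { return verify(msg, ed25519.Sign(k, msg), c, roots) }
	return try(leafKey, leaf), try(fakeKey, fake), try(fakeKey, leaf)
}

func main() { fmt.Println(demo()) }
```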
