Skip to main content
Version: v5

Checking if a device is in a trusted or familiar location

Check trusted location#



AuthorizationstringRequiredBearer token generated in Authenticating section.

Query Parameters

userIdstringRequiredThe User ID set by you.
appIdstringRequiredYour application id (App Id).
installationIdstringRequiredReturned list will contain only information about the device whose ID is informed.
curl -k -v -H "Authorization: Bearer <your_token>" -G  --data-urlencode "installationId=<installation_id>" --data-urlencode "appId=<app_id>" "<user_id>/trusted-location"
Remember to encode the URL inputs using some URL encoder.
Response fieldTypeDescription
installationsobject arrayList of installations queried by the user and information about the integrity of the device used on these installations.
installation_idstringThe Installation ID.
scorenumberScore between 0.0 and 1.0 that indicates how sure we are that the user is in/next of one of user's safe locations in that moment.
reliabilityenum ("HIGH", "MEDIUM", "LOW, "NO_DATA")

It indicates how confident we ​​are about the user's trusted locations in general.

Understand reliability and match types fields.

evidencesobjectEvidences considered to provide the score and reliability.
frequent_location_distancenumberDistance from the matched user frequent location in meters.

Ranking about how frequent is the current location to the user.

Less (0) is the most frequent.


What type of match was used to calculate the score.

Understand reliability and match type fields.

user_locked_for_new_devicesbooleanWhether or not this user received risky login attempts from new devices. If that is the case, the account will be locked for new devices for a while.
new_devices_locked_forlongRemaining time in milliseconds during which login attempts from new devices which Incognia doesn't know are blocked. Starts at 30 minutes.
device_behavior_reputationenum ("suspect","allowed")Indicates if the device shows up in any dynamic allowlist or watchlist built by Incognia's models.
last_location_timestamplongThe timestamp when the last location was registered.
last_location_localitystringThe city where the last location was registered.
osenum ("android", "ios")Device operational system.
first_seen_atlongFirst time the device was seen at Incognia database.
last_seen_atlongLast time the device was seen at Incognia database.
integrity_infoobjectAn object containg several booleans about device integrity.
is_emulatorbooleanWe check if the device isn't a real smartphone.
has_fake_location_appbooleanInforms if there is an app that simulates GPS data.
has_fake_location_enabledbooleanChecks if the Android settings option that allows false location is enabled.
is_from_official_storebooleanIndicates if the app that has Incognia SDK was downloaded from an official app store.
has_test_keysbooleanIf the device has test-keys, it indicates that the kernel was signed by a third party key.
has_su_executablebooleanIndicates that there is a SuperUser (SU) executable on device.
has_root_manager_appbooleanChecks for the existence of certain application packages that are used for root installation/management and root camouflages.
has_root_only_appbooleanInforms if there is an app that is root dependent.
has_dangerous_system_propertiesbooleanIndicates that there are certain system properties that have specific flags when the device is rooted.
has_wrong_folder_permissionsbooleanIndicates that there are certain system folders that should be read-only, but are changed to read/write (When devices are rooted).

To assist our heuristics and allow us to put devices in a watchlist, you can send feedback about suspicious or fraudulent activity via the endpoint bellow from our Feedback API:

A device can be removed from a WATCHLISTED match type if it stops meeting the two criteria mentioned above - which must be a rare case.