The Google Play Integrity API is an interface that helps developers “check that interactions and server requests are coming from [their] genuine app binary running on a genuine Android device.” It looks for evidence that the app has been tampered with, that the app is running in an “untrustworthy” software environment, that the device has Google Play Protect enabled, and more. If you’ve heard of or dealt with SafetyNet Attestation before on a rooted phone, then you’re probably already familiar with Play Integrity, even if not by that name. Play Integrity is the successor to SafetyNet Attestation, only it comes with even more features for developers.
As is the case with SafetyNet Attestation, developers call the Play Integrity API at any point in their app, receive what’s called an integrity verdict, and then decide what they want to do from there. Some apps call the Play Integrity API when they launch and block access entirely depending on what the verdict is, while others only call the API when you’re about to perform a sensitive action, so they can warn you that you shouldn’t proceed. The Play Integrity API makes it easy for apps to offload the determination of whether the device and its software environment are “genuine,” and with the latest update to the API, apps can now easily determine whether the person who installed them is “genuine” as well. “As Google continues to bolster Play Integrity’s detection mechanisms and add new features, it’s going to become harder and harder for power users to justify rooting Android,” concludes Rahman. “At the same time, regular users will be better protected from potentially risky and fraudulent interactions, so it’s clear that Play Integrity will continue to be adopted by more and more apps.”
Read more of this story at Slashdot.