Google Play Integrity API.

Google's server-side device-and-app attestation API for Android, the successor to SafetyNet Attestation, used by apps to verify they are running on a genuine, unmodified device with the official, Play-distributed binary. Es gehört zur Kategorie Mobile Sicherheit der Cybersicherheit.

Google's server-side device-and-app attestation API for Android, the successor to SafetyNet Attestation, used by apps to verify they are running on a genuine, unmodified device with the official, Play-distributed binary.

The Play Integrity API is Google's current device and app attestation service for Android, replacing the deprecated SafetyNet Attestation API. An Android app calls the API at sensitive moments (login, payment, anti-cheat checks) and receives a signed token that the app's backend can verify with Google. The token carries three verdicts: 'device integrity' (was this command issued from an Android device with an intact platform — `MEETS_DEVICE_INTEGRITY`, `MEETS_STRONG_INTEGRITY` for stronger hardware-backed evidence, `MEETS_BASIC_INTEGRITY`), 'app integrity' (was the binary that called the API the one Google Play distributed for the published app), and 'account details' (does this user own the app via Play). Roll-out evolved through 2022–2024 with tiers: 'Classic' free quota, paid 'Standard' for higher volume, and hardware-attested variants that increasingly tie the verdict to KeyMint key attestation. Attacks include Magisk-based root hiders, custom ROMs spoofing device fingerprints, Frida-bypass research, and a constant cat-and-mouse with hardware-attested checks. Use cases include banking, fintech, mobile games, mobile DRM, and any app where backend trust depends on the client environment.

Schutzmaßnahmen gegen Google Play Integrity API kombinieren typischerweise technische Kontrollen und operative Praktiken, wie in der Definition oben beschrieben.

Übliche alternative Bezeichnungen: Play Integrity, SafetyNet successor.