Vol. 1 · Ed. 2026
CyberGlossary
Entry № 499

Google Play Integrity API

What is the Google Play Integrity API?

Google Play Integrity API: Google's server-side device-and-app attestation API for Android, the successor to SafetyNet Attestation, used by apps to verify they are running on a genuine, unmodified device with the official, Play-distributed binary.


The Play Integrity API is Google's current device and app attestation service for Android, replacing the deprecated SafetyNet Attestation API. An Android app calls the API at sensitive moments (login, payment, anti-cheat checks) and receives a signed token that the app's backend can verify with Google. The token carries three verdicts: 'device integrity' (was this command issued from an Android device with an intact platform — `MEETS_DEVICE_INTEGRITY`, `MEETS_STRONG_INTEGRITY` for stronger hardware-backed evidence, `MEETS_BASIC_INTEGRITY`), 'app integrity' (was the binary that called the API the one Google Play distributed for the published app), and 'account details' (does this user own the app via Play). Roll-out evolved through 2022–2024 with tiers: 'Classic' free quota, paid 'Standard' for higher volume, and hardware-attested variants that increasingly tie the verdict to KeyMint key attestation. Attacks include Magisk-based root hiders, custom ROMs spoofing device fingerprints, Frida-bypass research, and a constant cat-and-mouse with hardware-attested checks. Use cases include banking, fintech, mobile games, mobile DRM, and any app where backend trust depends on the client environment.

  1. A banking app calls the Play Integrity API at login, and its backend refuses the session if the verdict lacks `MEETS_STRONG_INTEGRITY`.

  2. A 2024 advisory documents a Magisk module that defeats Play Integrity device-integrity but cannot satisfy the hardware-backed STRONG variant.
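
A backend policy check like the one in the banking example, written as an added example (not code from this glossary or from Google). It assumes the token has already been decoded into its JSON verdict payload by Google's server-side decode call; the package name, nonce, freshness window and sample payload are constructed for illustration.

```python
import time

# Field names follow the decoded Play Integrity verdict payload; the policy
# values below (package name, age limit) are assumptions for this example.
EXPECTED_PACKAGE = "com.example.bank"   # hypothetical app
MAX_AGE_MS = 5 * 60 * 1000              # assumed freshness window


def evaluate_verdict(payload, expected_nonce, now_ms=None,
                     required_label="MEETS_STRONG_INTEGRITY"):
    """Return (allowed, reasons) for an already-decoded verdict payload."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    reasons = []

    req = payload.get("requestDetails", {})
    if req.get("requestPackageName") != EXPECTED_PACKAGE:
        reasons.append("request package mismatch")
    if req.get("nonce") != expected_nonce:
        reasons.append("nonce mismatch (possible replay)")
    try:
        age = now_ms - int(req.get("timestampMillis"))
    except (TypeError, ValueError):
        age = None
    if age is None or not 0 <= age <= MAX_AGE_MS:
        reasons.append("stale or missing timestamp")

    app = payload.get("appIntegrity", {})
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append("binary not recognized by Play")

    labels = payload.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    if required_label not in labels:
        reasons.append("missing " + required_label)

    if payload.get("accountDetails", {}).get("appLicensingVerdict") != "LICENSED":
        reasons.append("account not licensed")

    return (not reasons, reasons)


# Constructed sample: a device that passes device integrity but has no
# hardware-backed (strong) verdict, as in the second example above.
SAMPLE = {
    "requestDetails": {"requestPackageName": "com.example.bank",
                       "nonce": "c2Vzc2lvbi0xMjM=", "timestampMillis": "1700000000000"},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY"]},
    "accountDetails": {"appLicensingVerdict": "LICENSED"},
}
```

The function collects every failed check rather than stopping at the first, so the reasons can be logged for fraud analysis while the client receives only a generic refusal.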

Frequently asked questions

What is the Google Play Integrity API?

Google's server-side device-and-app attestation API for Android, the successor to SafetyNet Attestation, used by apps to verify they are running on a genuine, unmodified device with the official, Play-distributed binary. It belongs to the Mobile Security category of cybersecurity.

What does Google Play Integrity API mean?

Google's server-side device-and-app attestation API for Android, the successor to SafetyNet Attestation, used by apps to verify they are running on a genuine, unmodified device with the official, Play-distributed binary.

How does the Google Play Integrity API work?

The Play Integrity API is Google's current device and app attestation service for Android, replacing the deprecated SafetyNet Attestation API. An Android app calls the API at sensitive moments (login, payment, anti-cheat checks) and receives a signed token that the app's backend can verify with Google. The token carries three verdicts: 'device integrity' (was this command issued from an Android device with an intact platform — `MEETS_DEVICE_INTEGRITY`, `MEETS_STRONG_INTEGRITY` for stronger hardware-backed evidence, `MEETS_BASIC_INTEGRITY`), 'app integrity' (was the binary that called the API the one Google Play distributed for the published app), and 'account details' (does this user own the app via Play). Roll-out evolved through 2022–2024 with tiers: 'Classic' free quota, paid 'Standard' for higher volume, and hardware-attested variants that increasingly tie the verdict to KeyMint key attestation. Attacks include Magisk-based root hiders, custom ROMs spoofing device fingerprints, Frida-bypass research, and a constant cat-and-mouse with hardware-attested checks. Use cases include banking, fintech, mobile games, mobile DRM, and any app where backend trust depends on the client environment.

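How do you defend against the Google Play Integrity API?

Defending against the Google Play Integrity API typically combines technical controls and operational practices, as described in the definition above.

What are other names for the Google Play Integrity API?

Common aliases: Play Integrity, SafetyNet successor.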
