Posted by Dom Elliott – Group Product Supervisor, Google Play
At Google Play, we’re dedicated to offering a secure and safe surroundings for your small business to thrive. That’s why we frequently spend money on reinforcing person belief, defending your small business, and safeguarding the ecosystem. This consists of actively combating unhealthy actors who attempt to deceive customers or unfold malware, and providing you with instruments to fight abuse.
Our instruments just like the Play Integrity API helps defend your small business from income loss and improve person security. You should use the Play Integrity API to detect suspicious exercise and determine how to reply to abuse, akin to fraud, bots, dishonest, or knowledge theft. In truth, apps that use Play Integrity options have seen 80% much less unauthorized utilization on common in comparison with different apps. As we speak, we’re sharing how we’re enhancing the Play Integrity API for everybody.
Play integrity verdicts have gotten quicker, much less spoofable, and extra privacy-friendly
Beginning in the present day, we’re altering the expertise that powers the Play Integrity API on all gadgets working Android 13 (API stage 33) and above to make it quicker, extra dependable, and extra non-public for customers. Builders already utilizing Play Integrity API can opt-in to begin utilizing the brand new verdicts in the present day; all API integrations will robotically transition to the brand new verdicts in Might 2025. The improved verdicts would require, and make higher use of, hardware-backed safety indicators utilizing Android Platform Key Attestation, making it considerably more durable and extra expensive for attackers to bypass. We’ll even be adjusting verdicts after we detect safety threats throughout Android SDK variations, akin to when there may be proof of extreme exercise or key compromise, with out requiring any developer work. And now, Play Integrity API may have the identical stage of reliability and help throughout all Android type elements.
The transition to the brand new verdicts will cut back the gadget indicators that must be collected and evaluated on Google servers by ~90% and our testing signifies verdict latency can enhance by as much as ~80%.
Now you can verify whether or not a tool has a latest safety replace
Play Integrity API provides enhanced safety indicators, just like the elective “meets-strong-integrity” and “meets-basic-integrity” responses within the gadget recognition verdict, that will help you determine how a lot you belief the surroundings your app is working in. Now, we’re updating the “meets-strong-integrity” response to require a safety replace throughout the final 12 months on gadgets working Android 13 and above. This replace provides apps with larger safety wants, like banking and finance apps, governments, and enterprise apps, extra methods to tailor their stage of safety for delicate options, like transferring cash. When the robust label isn’t out there for the person, we advocate that you’ve a fallback possibility. Be taught extra about our beneficial API practices.
We’re additionally making it simpler so that you can regulate your app’s conduct based mostly on the person’s Android SDK model with a new gadget attributes discipline. For instance, your app may reply in a different way to the legacy “meets-strong-integrity” definition on gadgets working Android 12 and decrease than to the improved definition on gadgets working Android 13 and better. The FAQ consists of some instance code for utilizing the brand new gadget attributes discipline.
We’re standardizing all elective verdict indicators so it’s constant so that you can use
We’re simplifying and standardizing all verdict content material throughout apps, video games, SDKs, and extra, in order that what you see shall be extra constant and predictable. For apps put in by Google Play, you may get enhanced verdicts with elective indicators such because the improved “meets-strong-integrity” gadget verdict and the lately launched app entry threat verdict (which helps you detect and and reply to apps that may seize the display screen or management the gadget, so you’ll be able to defend your customers from scams or malicious exercise). For apps put in out of Google Play and all different API requests, you’ll obtain a verdict with details about the gadget, account license, and app, however with out the additional safety indicators.
Builders can begin utilizing the improved verdicts in the present day and so they’ll go dwell for all integrations in Might 2025
Beginning in the present day, all new integrations will robotically obtain the improved verdicts. Builders who already use the Play Integrity API can opt-in to the brand new verdicts now, or wait till it robotically updates for them in Might 2025. For extra info, see the Play Integrity API documentation. With these ongoing enhancements, the Play Integrity API is turning into an much more important instrument for safeguarding your apps and customers.
How helpful did you discover this weblog submit?
★ ★ ★ ★ ★
