Posted by Dom Elliott – Group Product Supervisor, Google Play
At Google Play, we’re dedicated to offering a protected and safe setting for what you are promoting to thrive. That’s why we regularly put money into reinforcing consumer belief, defending what you are promoting, and safeguarding the ecosystem. This consists of actively combating dangerous actors who attempt to deceive customers or unfold malware, and supplying you with instruments to fight abuse.
Our instruments just like the Play Integrity API helps defend what you are promoting from income loss and improve consumer security. You need to use the Play Integrity API to detect suspicious exercise and resolve how to reply to abuse, equivalent to fraud, bots, dishonest, or information theft. In actual fact, apps that use Play Integrity options have seen 80% much less unauthorized utilization on common in comparison with different apps. Right now, we’re sharing how we’re enhancing the Play Integrity API for everybody.
Play integrity verdicts have gotten sooner, much less spoofable, and extra privacy-friendly
Beginning immediately, we’re altering the expertise that powers the Play Integrity API on all units working Android 13 (API stage 33) and above to make it sooner, extra dependable, and extra non-public for customers. Builders already utilizing Play Integrity API can opt-in to begin utilizing the brand new verdicts immediately; all API integrations will routinely transition to the brand new verdicts in Could 2025. The improved verdicts would require, and make higher use of, hardware-backed safety indicators utilizing Android Platform Key Attestation, making it considerably tougher and extra expensive for attackers to bypass. We’ll even be adjusting verdicts once we detect safety threats throughout Android SDK variations, equivalent to when there’s proof of extreme exercise or key compromise, with out requiring any developer work. And now, Play Integrity API may have the identical stage of reliability and assist throughout all Android kind elements.
The transition to the brand new verdicts will cut back the system indicators that must be collected and evaluated on Google servers by ~90% and our testing signifies verdict latency can enhance by as much as ~80%.
Now you can examine whether or not a tool has a latest safety replace
Play Integrity API gives enhanced safety indicators, just like the non-compulsory “meets-strong-integrity” and “meets-basic-integrity” responses within the system recognition verdict, that can assist you resolve how a lot you belief the setting your app is working in. Now, we’re updating the “meets-strong-integrity” response to require a safety replace throughout the final yr on units working Android 13 and above. This replace provides apps with greater safety wants, like banking and finance apps, governments, and enterprise apps, extra methods to tailor their stage of safety for delicate options, like transferring cash. When the robust label isn’t out there for the consumer, we advocate that you’ve got a fallback possibility. Be taught extra about our really helpful API practices.
We’re additionally making it simpler so that you can alter your app’s conduct based mostly on the consumer’s Android SDK model with a new system attributes subject. For instance, your app might reply in a different way to the legacy “meets-strong-integrity” definition on units working Android 12 and decrease than to the improved definition on units working Android 13 and better. The FAQ consists of some instance code for utilizing the brand new system attributes subject.
We’re standardizing all non-compulsory verdict indicators so it’s constant so that you can use
We’re simplifying and standardizing all verdict content material throughout apps, video games, SDKs, and extra, in order that what you see shall be extra constant and predictable. For apps put in by Google Play, you may get enhanced verdicts with non-compulsory indicators such because the improved “meets-strong-integrity” system verdict and the lately launched app entry danger verdict (which helps you detect and and reply to apps that may seize the display or management the system, so you possibly can defend your customers from scams or malicious exercise). For apps put in out of Google Play and all different API requests, you’ll obtain a verdict with details about the system, account license, and app, however with out the additional safety indicators.
Builders can begin utilizing the improved verdicts immediately they usually’ll go dwell for all integrations in Could 2025
Beginning immediately, all new integrations will routinely obtain the improved verdicts. Builders who already use the Play Integrity API can opt-in to the brand new verdicts now, or wait till it routinely updates for them in Could 2025. For extra data, see the Play Integrity API documentation. With these ongoing enhancements, the Play Integrity API is changing into an much more important instrument for safeguarding your apps and customers.
How helpful did you discover this weblog put up?
★ ★ ★ ★ ★
