Posted by Dom Elliott – Group Product Supervisor, Google Play
At Google Play, we’re dedicated to offering a protected and safe setting for your online business to thrive. That’s why we frequently spend money on reinforcing consumer belief, defending your online business, and safeguarding the ecosystem. This consists of actively combating dangerous actors who attempt to deceive customers or unfold malware, and providing you with instruments to fight abuse.
Our instruments just like the Play Integrity API helps defend your online business from income loss and improve consumer security. You need to use the Play Integrity API to detect suspicious exercise and resolve how to answer abuse, equivalent to fraud, bots, dishonest, or information theft. Actually, apps that use Play Integrity options have seen 80% much less unauthorized utilization on common in comparison with different apps. As we speak, we’re sharing how we’re enhancing the Play Integrity API for everybody.
Play integrity verdicts have gotten quicker, much less spoofable, and extra privacy-friendly
Beginning right now, we’re altering the know-how that powers the Play Integrity API on all gadgets operating Android 13 (API degree 33) and above to make it quicker, extra dependable, and extra personal for customers. Builders already utilizing Play Integrity API can opt-in to begin utilizing the brand new verdicts right now; all API integrations will robotically transition to the brand new verdicts in Could 2025. The improved verdicts would require, and make better use of, hardware-backed safety alerts utilizing Android Platform Key Attestation, making it considerably more durable and extra expensive for attackers to bypass. We’ll even be adjusting verdicts after we detect safety threats throughout Android SDK variations, equivalent to when there’s proof of extreme exercise or key compromise, with out requiring any developer work. And now, Play Integrity API may have the identical degree of reliability and assist throughout all Android type elements.
The transition to the brand new verdicts will scale back the gadget alerts that must be collected and evaluated on Google servers by ~90% and our testing signifies verdict latency can enhance by as much as ~80%.
Now you can verify whether or not a tool has a latest safety replace
Play Integrity API gives enhanced safety alerts, just like the non-obligatory “meets-strong-integrity” and “meets-basic-integrity” responses within the gadget recognition verdict, that can assist you resolve how a lot you belief the setting your app is operating in. Now, we’re updating the “meets-strong-integrity” response to require a safety replace inside the final 12 months on gadgets operating Android 13 and above. This replace provides apps with greater safety wants, like banking and finance apps, governments, and enterprise apps, extra methods to tailor their degree of safety for delicate options, like transferring cash. When the robust label isn’t accessible for the consumer, we suggest that you’ve a fallback possibility. Be taught extra about our really helpful API practices.
We’re additionally making it simpler so that you can modify your app’s conduct primarily based on the consumer’s Android SDK model with a new gadget attributes discipline. For instance, your app may reply in a different way to the legacy “meets-strong-integrity” definition on gadgets operating Android 12 and decrease than to the improved definition on gadgets operating Android 13 and better. The FAQ consists of some instance code for utilizing the brand new gadget attributes discipline.
We’re standardizing all non-obligatory verdict alerts so it’s constant so that you can use
We’re simplifying and standardizing all verdict content material throughout apps, video games, SDKs, and extra, in order that what you see might be extra constant and predictable. For apps put in by Google Play, you will get enhanced verdicts with non-obligatory alerts such because the improved “meets-strong-integrity” gadget verdict and the just lately launched app entry threat verdict (which helps you detect and and reply to apps that may seize the display or management the gadget, so you’ll be able to defend your customers from scams or malicious exercise). For apps put in out of Google Play and all different API requests, you’ll obtain a verdict with details about the gadget, account license, and app, however with out the additional safety alerts.
Builders can begin utilizing the improved verdicts right now and so they’ll go reside for all integrations in Could 2025
Beginning right now, all new integrations will robotically obtain the improved verdicts. Builders who already use the Play Integrity API can opt-in to the brand new verdicts now, or wait till it robotically updates for them in Could 2025. For extra info, see the Play Integrity API documentation. With these ongoing enhancements, the Play Integrity API is changing into an much more important software for safeguarding your apps and customers.
How helpful did you discover this weblog publish?
★ ★ ★ ★ ★
