Posted by Dom Elliott – Group Product Supervisor, Google Play
At Google Play, we’re dedicated to offering a secure and safe surroundings for your enterprise to thrive. That’s why we frequently put money into reinforcing consumer belief, defending your enterprise, and safeguarding the ecosystem. This consists of actively combating dangerous actors who attempt to deceive customers or unfold malware, and supplying you with instruments to fight abuse.
Our instruments just like the Play Integrity API helps defend your enterprise from income loss and improve consumer security. You should use the Play Integrity API to detect suspicious exercise and determine how to reply to abuse, resembling fraud, bots, dishonest, or knowledge theft. Actually, apps that use Play Integrity options have seen 80% much less unauthorized utilization on common in comparison with different apps. At present, we’re sharing how we’re enhancing the Play Integrity API for everybody.
Play integrity verdicts have gotten quicker, much less spoofable, and extra privacy-friendly
Beginning as we speak, we’re altering the expertise that powers the Play Integrity API on all units working Android 13 (API stage 33) and above to make it quicker, extra dependable, and extra personal for customers. Builders already utilizing Play Integrity API can opt-in to begin utilizing the brand new verdicts as we speak; all API integrations will mechanically transition to the brand new verdicts in Might 2025. The improved verdicts would require, and make larger use of, hardware-backed safety alerts utilizing Android Platform Key Attestation, making it considerably more durable and extra expensive for attackers to bypass. We’ll even be adjusting verdicts after we detect safety threats throughout Android SDK variations, resembling when there may be proof of extreme exercise or key compromise, with out requiring any developer work. And now, Play Integrity API can have the identical stage of reliability and assist throughout all Android type elements.
The transition to the brand new verdicts will cut back the gadget alerts that should be collected and evaluated on Google servers by ~90% and our testing signifies verdict latency can enhance by as much as ~80%.
Now you can examine whether or not a tool has a latest safety replace
Play Integrity API affords enhanced safety alerts, just like the optionally available “meets-strong-integrity” and “meets-basic-integrity” responses within the gadget recognition verdict, that will help you determine how a lot you belief the surroundings your app is working in. Now, we’re updating the “meets-strong-integrity” response to require a safety replace throughout the final yr on units working Android 13 and above. This replace offers apps with larger safety wants, like banking and finance apps, governments, and enterprise apps, extra methods to tailor their stage of safety for delicate options, like transferring cash. When the robust label isn’t out there for the consumer, we suggest that you’ve got a fallback choice. Study extra about our really useful API practices.
We’re additionally making it simpler so that you can modify your app’s conduct primarily based on the consumer’s Android SDK model with a new gadget attributes area. For instance, your app may reply in another way to the legacy “meets-strong-integrity” definition on units working Android 12 and decrease than to the improved definition on units working Android 13 and better. The FAQ consists of some instance code for utilizing the brand new gadget attributes area.
We’re standardizing all optionally available verdict alerts so it’s constant so that you can use
We’re simplifying and standardizing all verdict content material throughout apps, video games, SDKs, and extra, in order that what you see shall be extra constant and predictable. For apps put in by Google Play, you will get enhanced verdicts with optionally available alerts such because the improved “meets-strong-integrity” gadget verdict and the not too long ago launched app entry danger verdict (which helps you detect and and reply to apps that may seize the display screen or management the gadget, so you’ll be able to defend your customers from scams or malicious exercise). For apps put in out of Google Play and all different API requests, you’ll obtain a verdict with details about the gadget, account license, and app, however with out the additional safety alerts.
Builders can begin utilizing the improved verdicts as we speak and so they’ll go stay for all integrations in Might 2025
Beginning as we speak, all new integrations will mechanically obtain the improved verdicts. Builders who already use the Play Integrity API can opt-in to the brand new verdicts now, or wait till it mechanically updates for them in Might 2025. For extra info, see the Play Integrity API documentation. With these ongoing enhancements, the Play Integrity API is turning into an much more important software for safeguarding your apps and customers.
How helpful did you discover this weblog publish?
★ ★ ★ ★ ★
