Posted by Dom Elliott – Group Product Supervisor, Google Play
At Google Play, we’re dedicated to offering a protected and safe atmosphere for your small business to thrive. That’s why we frequently put money into reinforcing person belief, defending your small business, and safeguarding the ecosystem. This contains actively combating dangerous actors who attempt to deceive customers or unfold malware, and supplying you with instruments to fight abuse.
Our instruments just like the Play Integrity API helps shield your small business from income loss and improve person security. You should utilize the Play Integrity API to detect suspicious exercise and resolve how to answer abuse, reminiscent of fraud, bots, dishonest, or information theft. In truth, apps that use Play Integrity options have seen 80% much less unauthorized utilization on common in comparison with different apps. Immediately, we’re sharing how we’re enhancing the Play Integrity API for everybody.
Play integrity verdicts have gotten sooner, much less spoofable, and extra privacy-friendly
Beginning in the present day, we’re altering the know-how that powers the Play Integrity API on all gadgets operating Android 13 (API degree 33) and above to make it sooner, extra dependable, and extra personal for customers. Builders already utilizing Play Integrity API can opt-in to begin utilizing the brand new verdicts in the present day; all API integrations will robotically transition to the brand new verdicts in Could 2025. The improved verdicts would require, and make higher use of, hardware-backed safety alerts utilizing Android Platform Key Attestation, making it considerably tougher and extra pricey for attackers to bypass. We’ll even be adjusting verdicts after we detect safety threats throughout Android SDK variations, reminiscent of when there’s proof of extreme exercise or key compromise, with out requiring any developer work. And now, Play Integrity API may have the identical degree of reliability and assist throughout all Android type elements.
The transition to the brand new verdicts will scale back the machine alerts that must be collected and evaluated on Google servers by ~90% and our testing signifies verdict latency can enhance by as much as ~80%.
Now you can examine whether or not a tool has a latest safety replace
Play Integrity API gives enhanced safety alerts, just like the elective “meets-strong-integrity” and “meets-basic-integrity” responses within the machine recognition verdict, that can assist you resolve how a lot you belief the atmosphere your app is operating in. Now, we’re updating the “meets-strong-integrity” response to require a safety replace throughout the final yr on gadgets operating Android 13 and above. This replace provides apps with increased safety wants, like banking and finance apps, governments, and enterprise apps, extra methods to tailor their degree of safety for delicate options, like transferring cash. When the sturdy label isn’t out there for the person, we suggest that you’ve a fallback choice. Study extra about our beneficial API practices.
We’re additionally making it simpler so that you can regulate your app’s habits based mostly on the person’s Android SDK model with a new machine attributes subject. For instance, your app may reply in another way to the legacy “meets-strong-integrity” definition on gadgets operating Android 12 and decrease than to the improved definition on gadgets operating Android 13 and better. The FAQ contains some instance code for utilizing the brand new machine attributes subject.
We’re standardizing all elective verdict alerts so it’s constant so that you can use
We’re simplifying and standardizing all verdict content material throughout apps, video games, SDKs, and extra, in order that what you see can be extra constant and predictable. For apps put in by Google Play, you may get enhanced verdicts with elective alerts such because the improved “meets-strong-integrity” machine verdict and the just lately launched app entry danger verdict (which helps you detect and and reply to apps that may seize the display screen or management the machine, so you’ll be able to shield your customers from scams or malicious exercise). For apps put in out of Google Play and all different API requests, you’ll obtain a verdict with details about the machine, account license, and app, however with out the additional safety alerts.
Builders can begin utilizing the improved verdicts in the present day and so they’ll go reside for all integrations in Could 2025
Beginning in the present day, all new integrations will robotically obtain the improved verdicts. Builders who already use the Play Integrity API can opt-in to the brand new verdicts now, or wait till it robotically updates for them in Could 2025. For extra data, see the Play Integrity API documentation. With these ongoing enhancements, the Play Integrity API is turning into an much more important instrument for safeguarding your apps and customers.
How helpful did you discover this weblog put up?
★ ★ ★ ★ ★
