Google Play Integrity API

The Play Integrity API is an API provided by Google for the Android Operating System that allows applications to verify the genuineness of the app's binary and Android version.^[1] It is the successor of the now deprecated SafetyNet Attestation API.^[2] The API offers 4 device integrity labels, which are detailed in the table below.^[3]


Integrity Level	Bootloader Can Be Unlocked	Customized OSes Allowed	Description	Requirement(s)
`MEETS_BASIC_INTEGRITY`	Yes	Yes	The app is running on a device that passes basic system integrity checks. The device may not be Play Protect certified.	Attestation root of trust provided by Google
`MEETS_VIRTUAL_INTEGRITY`	Unknown	Unknown	The app is running on an Android-powered emulator with Google Play services.	The emulator passes system integrity checks and meets core Android compatibility requirements.
`MEETS_DEVICE_INTEGRITY`	No	No	The app is running on a genuine Play Protect certified Android-powered device.	Hardware-backed proof that the device bootloader is locked and the loaded Android OS is a certified device manufacturer image.
`MEETS_STRONG_INTEGRITY`	No	No	The app is running on a genuine Play Protect certified Android-powered device with a recent security update.	Android 13+: `MEETS_DEVICE_INTEGRITY` and security updates in the last year for all partitions of the device, including an Android OS partition patch and a vendor partition patch. Android 12 and lower: Only hardware-backed proof of boot integrity

Consumer impact summary[edit | edit source]

Since the Play Integrity API relies on Google to certify devices, any apps requiring MEETS_DEVICE_INTEGRITY or MEETS_STRONG_INTEGRITY are only allowed on operating systems that Google allows. This allows Google to exert monopolistic power by not certifying competitors' operating systems, since many apps choose to use the Play Integrity API instead of the Key Attestation API that is built into Android.^[4]^[5]

Notable examples of apps requiring Google-certified operating systems:

Google Wallet
VPN by Google
Netflix
McDonald's
Uber Driver
Twitter/X
Twilio Authy Authenticator
ChatGPT^[6]^[7]

This has led to users being unable to use apps on privacy-focused forks of Android, like GrapheneOS.^[8]

References[edit | edit source]

↑ "Overview of the Play Integrity API". Android Developers. Archived from the original on 2025-06-07. Retrieved 2025-06-10.
↑ "About the SafetyNet Attestation API deprecation". Android Developers.
↑ "Integrity verdicts". Android Developers.
↑ "Apps & Games need PI". XDA Forums.
↑ "Verify hardware-backed key pairs with key attestation". Android Developers.
↑ "PlayIntegrity Verification failed - ChatGPT / Bugs". OpenAI Developer Community.
↑ "Question - ChatGPT error: Preauth Playintegrity verification failed". XDA Forums.
↑ "Wallet - Google Pay". GrapheneOS Discussion Forum.

[1] "Overview of the Play Integrity API". Android Developers. Archived from the original on 2025-06-07. Retrieved 2025-06-10.

[2] "About the SafetyNet Attestation API deprecation". Android Developers.

[3] "Integrity verdicts". Android Developers.

[4] "Apps & Games need PI". XDA Forums.

[5] "Verify hardware-backed key pairs with key attestation". Android Developers.

[6] "PlayIntegrity Verification failed - ChatGPT / Bugs". OpenAI Developer Community.

[7] "Question - ChatGPT error: Preauth Playintegrity verification failed". XDA Forums.

[8] "Wallet - Google Pay". GrapheneOS Discussion Forum.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

Consumer impact summary[edit | edit source]

See also[edit | edit source]

References[edit | edit source]