Consumer Rights Wiki

Google Play Integrity API: Difference between revisions

VisualWikitext
JP (talk | contribs)
confirmed
32 edits
Added an article for the Play Integrity API
 
mNo edit summary
 
(4 intermediate revisions by 2 users not shown)
Line 1: Line 1:
The Play Integrity API is an API provided by [[Google]] for the [[Android]] Operating System that allows applications to verify the genuineness of the apps binary and Android version.<ref>{{Cite web |title=Overview of the Play Integrity API |url=https://developer.android.com/google/play/integrity/overview |archive-url=https://web.archive.org/web/20250607124755/https://developer.android.com/google/play/integrity/overview |archive-date=2025-06-07 |access-date=2025-06-10 |website=Android Developers}}</ref> It is the successor of the now deprecated SafetyNet Attestation API.<ref>{{Cite web |title=About the SafetyNet Attestation API deprecation |url=https://developer.android.com/privacy-and-security/safetynet/deprecation-timeline |website=Android Developers}}</ref> The API offers 4 device integrity labels, which are detailed in the table below.<ref>{{Cite web |title=Integrity verdicts |url=https://developer.android.com/google/play/integrity/verdicts#device-integrity-field |website=Android Developers}}</ref>  
The Play Integrity API is an API provided by [[Google]] for the [[Android]] Operating System that allows applications to verify the genuineness of the app's binary and Android version.<ref>{{Cite web |title=Overview of the Play Integrity API |url=https://developer.android.com/google/play/integrity/overview |archive-url=https://web.archive.org/web/20250607124755/https://developer.android.com/google/play/integrity/overview |archive-date=2025-06-07 |access-date=2025-06-10 |website=Android Developers}}</ref> It is the successor of the now deprecated SafetyNet Attestation API.<ref>{{Cite web |title=About the SafetyNet Attestation API deprecation |url=https://developer.android.com/privacy-and-security/safetynet/deprecation-timeline |website=Android Developers}}</ref> The API offers 4 device integrity labels, which are detailed in the table below.<ref>{{Cite web |title=Integrity verdicts |url=https://developer.android.com/google/play/integrity/verdicts#device-integrity-field |website=Android Developers}}</ref>  
{| class="wikitable"
{| class="wikitable"
|+
|+
Line 37: Line 37:
Since the Play Integrity API relies on Google to certify devices, any apps requiring <code>MEETS_DEVICE_INTEGRITY</code> or <code>MEETS_STRONG_INTEGRITY</code> are only allowed on operating systems that Google allows. This allows Google to exert [[Monopoly|monopolistic]] power by not certifying competitors' operating systems, since many apps choose to use the Play Integrity API instead of the Key Attestation API that is built into Android.<ref>{{Cite web |title=Apps & Games need PI |url=https://xdaforums.com/t/4677050/ |website=XDA Forums}}</ref><ref>{{Cite web |title=Verify hardware-backed key pairs with key attestation |url=https://developer.android.com/privacy-and-security/security-key-attestation |website=Android Developers}}</ref>
Since the Play Integrity API relies on Google to certify devices, any apps requiring <code>MEETS_DEVICE_INTEGRITY</code> or <code>MEETS_STRONG_INTEGRITY</code> are only allowed on operating systems that Google allows. This allows Google to exert [[Monopoly|monopolistic]] power by not certifying competitors' operating systems, since many apps choose to use the Play Integrity API instead of the Key Attestation API that is built into Android.<ref>{{Cite web |title=Apps & Games need PI |url=https://xdaforums.com/t/4677050/ |website=XDA Forums}}</ref><ref>{{Cite web |title=Verify hardware-backed key pairs with key attestation |url=https://developer.android.com/privacy-and-security/security-key-attestation |website=Android Developers}}</ref>


Notable examples include of apps requiring Google-certified operating systems:
Notable examples of apps requiring Google-certified operating systems:


* Google Wallet
*Google Wallet
* VPN by Google
*VPN by Google
* Netflix
*Netflix
* McDonald's
*McDonald's
* Uber Driver
*Uber Driver
* Twitter/X
*Twitter/X
* Twilio Authy Authenticator
*Twilio Authy Authenticator
* ChatGPT<ref>{{Cite web |title=PlayIntegrity Verification failed - ChatGPT / Bugs |url=https://community.openai.com/t/1267945 |website=OpenAI Developer Community}}</ref><ref>{{Cite web |title=Question - ChatGPT error: Preauth Playintegrity verification failed |url=https://xdaforums.com/t/4737618/ |website=XDA Forums}}</ref>
*ChatGPT<ref>{{Cite web |title=PlayIntegrity Verification failed - ChatGPT / Bugs |url=https://community.openai.com/t/1267945 |website=OpenAI Developer Community}}</ref><ref>{{Cite web |title=Question - ChatGPT error: Preauth Playintegrity verification failed |url=https://xdaforums.com/t/4737618/ |website=XDA Forums}}</ref>


The has led to users being unable to use apps on privacy-focused forks on Android, like [[GrapheneOS]].<ref>{{Cite web |title=Wallet - Google Pay |url=https://discuss.grapheneos.org/d/475/ |website=GrapheneOS Discussion Forum}}</ref>
This has led to users being unable to use apps on privacy-focused forks of Android, like [[GrapheneOS]].<ref>{{Cite web |title=Wallet - Google Pay |url=https://discuss.grapheneos.org/d/475/ |website=GrapheneOS Discussion Forum}}</ref>


==See also==
==See also==
Line 56: Line 56:
{{reflist}}
{{reflist}}


[[Category:{{PAGENAME}}]]
[[Category:Android]]
[[Category:Google Play Store]]
Retrieved from "https://consumerrights.wiki/Google_Play_Integrity_API"