Play Integrity API: Difference between revisions

m Improved phrasing and a few other minor fixes
== Attestation ==
 
The SafetyNet Attestation API,<ref>{{Cite web|title=SafetyNet Attestation API|url=https://developer.android.com/training/safetynet/attestation|website=Android Developers|language=en-US}}</ref> one of the APIs under the SafetyNet umbrella, provides verification that the integrity of the device is not compromised.<ref>{{Cite web|last=Hoffman|first=Chris|title=SafetyNet Explained: Why Android Pay and Other Apps Don't Work on Rooted Devices|url=https://www.howtogeek.com/241012/safetynet-explained-why-android-pay-and-other-apps-dont-work-on-rooted-devices/|access-date=2021-09-11|website=How-To Geek|date=4 February 2016 |language=en-US}}</ref><ref>{{Cite web|date=2020-06-29|title=Google's dreaded SafetyNet hardware check has been spotted in the wild|url=https://www.androidpolice.com/2020/06/29/googles-dreaded-safetynet-hardware-check-has-been-spotted-in-the-wild/|access-date=2021-09-11|website=Android Police|language=en-US}}</ref><ref>{{Cite book|last1=Ibrahim|first1=Muhammad|last2=Imran|first2=Abdullah|last3=Bianchi|first3=Antonio|title=Proceedings of the 19th Annual International Conference on Mobile Systems, Applications, and Services |chapter=SafetyNOT |date=2021-06-24|language=en|location=Virtual Event Wisconsin|publisher=ACM|pages=150–162|doi=10.1145/3458864.3466627|isbn=978-1-4503-8443-8|doi-access=free}}</ref> In practice, non-official ROMs such as [[LineageOS]] fail the hardware attestation and thus prevent the user from using a non-compliant ROM with third-party apps (mainly banking) that require the API.
Due to this, some consider this a monopolistic practice deterring the entrance of competing [[mobile operating system]]s in the market.<ref>{{cite web |last1=Schwab |first1=Andreas |last2=Echeverria |first2=Pablo Arias |title=Time to restore fairness and contestability in digital markets |url=https://www.euractiv.com/section/digital/opinion/time-to-restore-fairness-and-contestability-in-digital-markets/ |website=www.euractiv.com |date=24 March 2022}}</ref>
 
It requires a network connection to Google servers and validates the hardware signatures. Amongst the checks, the API looks for [[Bootloader unlocking|bootloader unlock]] status, ROM signatures, and kernel strings; it also uses [[Verified boot|AVB2.0]] and [[dm-verity]] attestations. Upon successful checks, [[Google Play]] will mark the device as ''Certified''. The attestation runs in an environment called DroidGuard (<code>com.google.android.gms.unstable</code>).<ref name=":0" />
 
The SafetyNet Attestation API (one of the four APIs under the SafetyNet umbrella) has been deprecated.<ref name="timeline">{{Cite web|title=SafetyNet Deprecation Timeline|url=https://developer.android.com/privacy-and-security/safetynet/deprecation-timeline|website=Android Developers|language=en-US}} {{Retrieved|access-date=2023-10-06}}</ref> {{As of|2023|10|6|post=,}} Google planned to replace it with the '''Play Integrity API''' by the end of January 2025.<ref name="timeline" /><ref>{{cite web |title=Migrating from the SafetyNet Attestation API {{!}} Google Play |url=https://developer.android.com/google/play/integrity/migrate |website=Android Developers |language=en}}</ref> The transition ended on {{Date|2025-05-20}}, breaking applications which hadn't been updated.<ref>{{Cite web |date=2025-05-21 |title=Google deprecates old SafetyNet API in favor of Play Integrity API |url=https://linustechtips.com/topic/1612681-google-deprecates-old-safetynet-api-in-favor-of-play-integrity-api/ |access-date=2025-07-08 |website=Linus Tech Tips |language=en-US}}</ref> These attestations are offered by Google Play Services and thus are not available on [[Free software|free]] Android environments, like [[Android Open Source Project|AOSP]]. Therefore, developers can require the API to be available and may refuse to execute on AOSP builds.
 
== Google Play Protect ==
Under the same umbrella, Play Protect is a mechanism to find and remove "vulnerable" apps from one's Android device as well as store apps. Although it's meant to scan for malware-containing apps, it also looks for non-DRM compliant apps.<ref>{{Cite web|title=Android-Certified|url=https://www.android.com/certified/}}</ref>
 
== Criticism ==