Maya Robertson
Google has introduced significant updates to the Play Integrity API, aiming to bolster app security and streamline user experiences. Designed to help developers counter threats like fraud, bots, and unauthorized access, these improvements emphasize speed, privacy, and reliability.
The Play Integrity API now incorporates enhanced technology for devices running Android 13 and above. Starting today, developers can opt into the new verdict system, which will automatically roll out to all integrations by May 2025. These updated verdicts leverage hardware-backed security signals, such as Android Platform Key Attestation, to mitigate spoofing and improve defense against potential threats. Additionally, the system has reduced server-side device signal processing by 90%, promising a latency improvement of up to 80%.
A pivotal update to the API is the revised “meets-strong-integrity” response, which now requires devices to have received a security update within the past year. This adjustment targets apps with heightened security needs, such as banking and enterprise tools, allowing developers to tailor protection levels for sensitive functions. To accommodate users without this designation, fallback mechanisms are recommended.
Another addition is the device attributes field, enabling developers to adapt their app’s behavior based on the user’s Android SDK version. For instance, apps can implement varying responses to “meets-strong-integrity” definitions depending on whether the device runs Android 12 or Android 13 and above.
To improve usability, Google is standardizing optional verdict signals across apps and SDKs. For apps downloaded from Google Play, enhanced verdicts now include new security signals, such as an app access risk verdict, which identifies apps capable of capturing screens or controlling devices. This consistency ensures developers receive predictable information regardless of the API request source.
The improved Play Integrity API is available immediately for developers to integrate. Existing users can transition now or allow the system to update automatically in 2025.
Comments
Loading…