
Use the Play Integrity API to detect risky interactions and fight abuse

You can use the Play Integrity API to protect your apps and games from risky interactions. By identifying these interactions, your app can respond appropriately to reduce the risk of attacks and abuse.

How it works

The Play Integrity API helps you protect your apps and games from abuse by checking if user interactions and server requests are coming from your unmodified app binary, installed by Google Play, and running on a genuine Android device (or genuine instance of Google Play Games for PC). By detecting a wide range of threats—such as modified versions of your app, untrustworthy devices, or other untrustworthy environments—you can respond appropriately to reduce attacks like fraud, cheating, and unauthorized access.

When a user performs an action, your app requests a Play Integrity API assessment. The Google Play server returns an encrypted response with an integrity verdict that your app then forwards to your server for verification. Your backend server uses this verdict to decide what your app or game should do next. 

The API returns verdicts that help you detect potential threats, including:

  • Unauthorized access: The accountDetails verdict helps you determine whether the user installed or paid for your app or game on Google Play.
  • Code tampering: The appIntegrity verdict helps you determine whether you're interacting with your unmodified binary that Google Play recognizes.
  • Risky devices and emulated environments: The deviceIntegrity verdict helps you determine whether your app is running on a genuine certified Android device or a genuine instance of Google Play Games for PC.

Key Point: When the Play Integrity API assesses an environment, it uses hardware-backed security signals that are highly resilient to attacks and circumvention. Play Integrity API simplifies developer integration work and ongoing management by abstracting away signal complexity and issue mitigation across Android SDK versions, device manufacturer provisioned keys, and device models.

Google Play developers can also opt in to receive additional verdicts to detect a broader range of potential threats, including:

  • Unpatched devices: The MEETS_STRONG_INTEGRITY response in the deviceIntegrity verdict helps you determine if a device has applied recent security updates (for devices running Android 13 and higher).
  • Risky access by other apps: The appAccessRiskVerdict helps you determine whether apps are running that could be used to capture the screen, display overlays, or control the device (for example, by misusing the accessibility permission).
  • Known malware: The playProtectVerdict helps you determine whether Google Play Protect is turned on and whether it has found risky or dangerous apps installed on the device.
  • Hyperactivity: The recentDeviceActivity level helps you determine whether a device has made an anomalously high volume of requests recently, which could indicate automated traffic and could be a sign of attack.
  • Repeat abuse and reused devices: deviceRecall (beta) helps you determine whether you're interacting with a device that you've previously flagged, even if your app was reinstalled or the device was reset.

The API can be used across Android form factors including phones, tablets, foldables, Android Auto, Android TV, Android XR, ChromeOS, Wear OS, and on Google Play Games for PC.
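The backend decision step described above can be sketched as follows; this is an added example, not code from Google or from this page. It assumes the verdict has already been decrypted into a dict and uses field and label names from the Android Developers documentation (`requestDetails`, `appRecognitionVerdict`, `MEETS_DEVICE_INTEGRITY` and so on). The function name, the three decisions, the `sensitive` flag and the five-minute freshness window are assumptions.

```python
# Added example (not page code); field names per the Android Developers docs.
MAX_AGE_MS = 5 * 60 * 1000  # assumed freshness window for a verdict


def evaluate_verdict(payload, expected_package, expected_binding, now_ms,
                     sensitive=False):
    """Return (decision, reasons): 'allow', 'step_up' or 'deny'. Fails closed."""
    deny, step_up = [], []
    req = payload.get("requestDetails") or {}
    if req.get("requestPackageName") != expected_package:
        deny.append("package name mismatch")
    # requestHash (standard requests) or nonce (classic) ties verdict to action.
    binding = req.get("requestHash") or req.get("nonce")
    if not binding or binding != expected_binding:
        deny.append("verdict not bound to this request")
    try:
        age = now_ms - int(req["timestampMillis"])
    except (KeyError, TypeError, ValueError):
        age = -1
    if not 0 <= age <= MAX_AGE_MS:
        deny.append("timestamp missing or stale")
    app = payload.get("appIntegrity") or {}
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        deny.append("binary not recognized by Google Play")
    device = payload.get("deviceIntegrity") or {}
    labels = set(device.get("deviceRecognitionVerdict") or [])
    if "MEETS_DEVICE_INTEGRITY" not in labels:
        deny.append("device integrity not met")
    elif sensitive and "MEETS_STRONG_INTEGRITY" not in labels:
        step_up.append("strong integrity required for this action")
    account = payload.get("accountDetails") or {}
    if account.get("appLicensingVerdict") != "LICENSED":
        step_up.append("not installed or paid for on Google Play")
    # Opt-in verdict: judged only when present, so enabling it later is safe.
    env = payload.get("environmentDetails") or {}
    if env.get("playProtectVerdict") in ("MEDIUM_RISK", "HIGH_RISK"):
        step_up.append("Play Protect reports risky apps")
    if deny:
        return "deny", deny
    return ("step_up", step_up) if step_up else ("allow", [])

# Constructed sample payload, not captured from a real device.
SAMPLE = {
    "requestDetails": {"requestPackageName": "com.example.app",
                       "requestHash": "abc123", "timestampMillis": "1700000000000"},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"]},
    "accountDetails": {"appLicensingVerdict": "LICENSED"},
}
```

A missing or malformed field is treated as a failed check, so a truncated payload is denied.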

 

Tips:

  • You can monitor the status of the Play Integrity API and other Play services using the Google Play status dashboard.
  • The Integrity API provides the most value for your app when you follow each of the recommended practices in the documentation on the Android Developers site.

Set up and manage the Play Integrity API

Enable the Integrity API for your app

Important: By accessing or using the Integrity API, you agree to the Play Integrity API Terms of Service.
To enable Integrity API responses for your app, you need to link a Google Cloud project in Play Console. To link your project:
  1. Open Play Console and go to Protected with Play in the left hand menu.
  2. Scroll to the "Play Integrity API" section.
  3. Click Get started.
  4. Choose "Link existing project" and the project you want to link to.
  5. Click Link cloud project.

To start integrating the Integrity API into your app, you need to do the following:

  • For Java/Kotlin apps, install the latest available Android library for the Play Integrity API from Google’s Maven Repository.
  • For Unity games, install the latest release of Google Play Plugins for Unity. All versions of 2019.x, 2020.x and newer are supported. If you use Unity 2018.x, install 2018.4 or newer. If you use Unity 2017.x, install 2017.4.40 or newer. Unity 5.x and older are not supported.
  • For Native apps and games, install the latest Play Core Native SDK.

Now you can follow these steps on the Android Developers site to start using the Play Integrity API in your app or game.

(Optional) Customize Integrity API responses 

To learn how to configure API integrity responses, visit the Android Developers site.

To edit your API responses:

  1. Open Play Console and go to Protected with Play in the left hand menu.
  2. Scroll to the "Play Integrity API" section.
  3. Click Manage.
  4. Scroll to the "Responses" section.
  5. Click Edit.
  6. Select or deselect the checkboxes next to the API responses you want to change.
  7. Click Save changes.

Important: The changes to API responses take effect immediately after you save them, including when your app is in production. Before you change the set of API responses in your Play Console, make sure your server is prepared to accept those responses.

(Optional) Configure classic request settings

By default, Google manages your response encryption for classic requests. However, you can choose to self-manage your response encryption if you prefer. 

Important: Switching your response encryption between managed by Google and self-managed requires code changes on your backend server.

To self-manage your response encryption:

  1. Open Play Console and go to Protected with Play in the left hand menu.
  2. Scroll to the "Play Integrity API" section.
  3. Click Manage.
  4. Scroll to the "Classic requests" section. Next to "Response encryption," the status will be "Managed by Google" by default. Click Change.
  5. Choose "Manage and download my response encryption keys". Google will generate response encryption keys for you to download and manage. You must update your backend server logic to use the keys to decrypt responses.
  6. Follow the on-screen instructions to generate a .pem file and upload the .pem file to download your API keys.
  7. Click Save changes.
  8. An on-screen message will confirm that your response encryption management has been updated.
  9. Your new response encryption keys will be automatically downloaded. You can always download them in the future by clicking Download keys.

If you want to revert from self-managed to Google-managed:

  1. Open Play Console and go to Protected with Play in the left hand menu.
  2. Scroll to the "Play Integrity API" section.
  3. Click Manage.
  4. Scroll to the "Classic requests" section. Next to "Response encryption," the status will be "Self-managed" because you have changed it in the past. Click Edit.
  5. Choose "Let Google manage my response encryption (recommended)" and click Save changes. Google will generate and manage your response encryption keys. Your backend server must call Google Play’s server to decrypt responses.

Test your Play Integrity API integration

To test your Integrity API integration, you can set up a list of Gmail accounts and. First, make sure that your testers have access to your release. Publish your app to the internal test track or the track that you intend to test on. Then, follow the instructions for managing testers by email address or using Google Groups so that your testers can access your release.

To set up a test:

  1. Open Play Console and go to Protected with Play in the left hand menu.
  2. Scroll to the "Play Integrity API" section.
  3. Click Manage.
  4. Scroll to the "Testing" section.
  5. Click Create new test.
  6. Select an email list or create a new one.
  7. Click Create test.

Customize your store listing when users visit from Integrity API dialog

You can use an Integrity API remediation dialog to prompt users who have obtained your app unofficially to get your app from Google Play. When users tap on the dialog, they will be redirected to your store listing where they can tap on the install (or buy or update) button so that the app is added to the user’s Play library.

You can customize your store listing assets for any visitors who tap on an Integrity API remediation dialog, including your app’s name, icon, descriptions, and graphic assets. To customize your store listing when users visit from an Integrity API dialog:

  1. Open Play Console and go to Protected with Play in the left hand menu.
  2. Scroll to the "Play Integrity API" section.
  3. Click Manage.
  4. Scroll to the "Customize store listing" section.
  5. Click Create listing.
  6. Follow the instructions on the Create custom store listing page and click Save.

Alternatively, you can create custom store listings for Integrity API dialogs directly from the Custom store listings page:

  1. Open Play Console and go to the Custom store listings page (Grow users > Custom store listings).
  2. Click Create listing, choose whether to create a new listing or duplicate an existing one, and click Next.
  3. Under "Listing details," find the "Target audience" section.
  4. Select By URL, and type "playintegrity" in the textbox.
  5. Enter all other details and click Save.

Tip: The URL parameter "playintegrity" is a special keyword that’s reserved for integrity deeplinks so it must be entered exactly when setting up the custom store listing.

Increase your Play Integrity API daily maximum requests

Apps can make up to 10,000 requests per day to the Integrity API by default.

To view the volume of requests your app makes daily:

  1. Open Play Console and go to Protected with Play in the left hand menu.
  2. Scroll to the "Monitor Play Integrity API" section.
  3. Click on the monitor card to open the Integrity API report and view your daily number of requests.

To view your app’s daily maximum requests:

  1. Open Play Console and go to Protected with Play in the left hand menu.
  2. Scroll to the "Play Integrity API" section.
  3. Click Manage.
  4. View your daily quota.

You can request to make more than 10,000 requests per day. To be eligible you must:

  • Confirm correct implementation of API logic including retries.
  • Publish your app on Google Play in addition to any other distribution channels.

To increase your daily maximum requests, complete this form.
