Google continues to improve protection mechanisms on the Android platform and has presented an update to the Google Play Integrity API. This interface allows developers to “check that interactions and requests for the server come from their genuine binary file of the application operating on the authentic Android device.”
The Google Play Integrity API looks for evidence that the application has not been modified, that it is running in a “reliable” software environment, and that the device has Google Play Protect enabled. In effect, Play Integrity is the successor to SafetyNet Attestation, but with an expanded set of functions for developers.
Developers can call the Play Integrity API at any point while their application is running, receive the so-called “integrity verdict” and make decisions based on it. Some applications check integrity at start-up and can completely block access depending on the result, while others do this only before performing important actions in order to warn the user about potential risks.
The latest update of the API gives developers a new tool to combat sideloading (installing applications while bypassing the official Google Play store). Applications can now easily determine whether the user who installed them is “genuine”, that is, whether they acquired the application officially.
When the API discovers that the application was not installed through the Play Store, it can trigger the GET_LICENSED dialog box. The user is invited to “get this application from Play” to continue using it. If the user agrees, they are taken to the application's page in the store, where, instead of the usual “install” button, one reading “… from Play” is displayed. After confirmation, the unofficial version is removed along with all its data, and the new one is added to the user's library with the possibility of receiving future updates.
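The verdict handling described above can be sketched as a server-side policy. This is an added example, not code from Google or from the original article: it assumes the integrity token has already been decrypted into its JSON payload, the field names and enum values are those of the Play Integrity verdict, and the package name, freshness window, decision names and the policy itself are assumptions.

```python
EXPECTED_PACKAGE = "com.example.app"   # constructed placeholder
MAX_AGE_MS = 5 * 60 * 1000             # assumed freshness window

# Constructed sample of a decoded verdict payload (not real data).
SAMPLE = {
    "requestDetails": {"requestPackageName": "com.example.app",
                       "timestampMillis": "1700000000000"},
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"]},
    "accountDetails": {"appLicensingVerdict": "LICENSED"},
    "environmentDetails": {"playProtectVerdict": "NO_ISSUES"},
}

def evaluate(verdict, now_ms, sensitive_action=False):
    """Return (decision, reasons): allow, warn, block or get_licensed."""
    req = verdict.get("requestDetails", {})
    app = verdict.get("appIntegrity", {})
    device = verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    lic = verdict.get("accountDetails", {}).get("appLicensingVerdict", "UNEVALUATED")
    protect = verdict.get("environmentDetails", {}).get("playProtectVerdict", "UNEVALUATED")

    # Reject verdicts minted for another package or replayed after the window.
    if req.get("requestPackageName") != EXPECTED_PACKAGE:
        return "block", ["package_mismatch"]
    if now_ms - int(req.get("timestampMillis", 0)) > MAX_AGE_MS:
        return "block", ["stale_verdict"]
    # Copy not acquired through Play: tell the client to show GET_LICENSED.
    if lic == "UNLICENSED":
        return "get_licensed", ["unlicensed"]
    reasons = []
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        reasons.append("app_not_recognized")      # modified or re-signed binary
    if "MEETS_DEVICE_INTEGRITY" not in device:
        reasons.append("device_integrity_missing")
    if protect != "NO_ISSUES":
        reasons.append("play_protect_" + protect.lower())
    if not reasons:
        return "allow", []
    # Assumed policy: hard-fail only before sensitive actions, warn otherwise.
    return ("block" if sensitive_action else "warn"), reasons
```

Making the decision on the server rather than in the app keeps the policy out of reach of a modified client.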
The introduction of this function has both positive and negative aspects. It increases safety for ordinary users, protecting them from potentially dangerous actions. However, this also complicates the life of advanced users who prefer deeper control over their devices.
The Play Integrity API is already used by many popular applications, including Stripe, Uber and TikTok. Some games, such as Tesco and Beyblade X, have already introduced the function of checking the legality of the installation. It is expected that more and more applications will begin to use the new API capabilities.
It is worth noting that developers previously had ways to detect sideloading, but the new API update greatly simplifies the implementation of such a check. In the future, this can lead to the fact that