Play Integrity API

SafetyNet^[1] consists of several application programming interfaces (APIs) offered by the Google Play Services to support security sensitive applications and enforce DRM. Currently, these APIs include device integrity verification, app verification, recaptcha and web address verification. It is an extension of AVB2.0 and dm-verity.

Attestation

The SafetyNet Attestation API,^[2] one of the APIs under the SafetyNet umbrella, provides verification that the integrity of the device is not compromised.^[3][4][5] In practice, non-official ROMs such as LineageOS fail the hardware attestation and thus restrict the user from using a non-compliant ROM while being able to use third-party apps (mainly banking) that require the API. Due to this, some consider this a monopolistic practice deterring the entrance of competing mobile operating systems in the market. ^[6]

Attestation requires a network connection for Google Play Services to connect to Google servers and validate the hardware signatures. Amongst the checks, the API looks for bootloader unlock status, ROM signature and kernel strings. Upon successful checks, Google Play will mark the device as Certified.

The SafetyNet Attestation API (one of the four APIs under the SafetyNet umbrella) has been deprecated.^[7] As of 6 October 2023,^[update] Google expects to fully replace it with the Play Integrity API by the end of January 2025.^[7][8] Like the SafetyNet APIs, the Play Integrity API is offered by Google Services and thus is not available on free Android environments (AOSP). Therefore, apps that require the API to be available may refuse to execute on AOSP builds.

Criticism

Multiple groups have criticised SafetyNet and the Play Integrity API.^[9] Criticisms include that it offers weaker protection compared to alternatives such as Android's hardware attestation API, which provides a stronger form of verification while having the ability to remain compatible with more secure Android operating systems like GrapheneOS.^[10][11]

Critics have also argued that the Play Integrity API undermines competition by effectively requiring developers to rely on Google's proprietary services, strengthening its monopoly over the Android ecosystem and disadvantaging alternative, privacy-focused operating systems.^[12]

Users have also developed tools, such as the Play Integrity Fix module for Magisk/KernelSU/APatch, which tricks the attestation using leaked fingerprints of vulnerable devices.^[13][14] Some developers made petitions on sites like Change.org.^[15]

Furthermore, some have questioned the effectiveness of the attestation, claiming it does not deliver the level of security promised by Google and instead serves more as a form of vendor lock-in than a meaningful security measure. Activists have also raised concerns that it may violate antitrust and competition laws, like the Digital Markets Act.

See also

• Samsung Knox
• Trusted Computing