- The Google Play Integrity API has been updated with a new feature called app access risk.
- App access risk detects whether there are other apps running on the device that might be capturing the screen or controlling it.
- Developers can then prompt users to close these potentially risky apps before they can continue using their apps.
Every app developer is responsible for protecting their own users, but they have little control over what other software a user installs on their device — and for good reason. Users should be allowed to install whatever apps they want on their own personal devices (including via sideloading), but some of those apps could be malicious and do things like discreetly record the screen. That’s why Google is giving developers a new tool that forces users to close potentially risky apps before those apps can steal any data.
The new tool — called app access risk — is provided as part of the Google Play Integrity API. That’s the system that helps developers “check that interactions and server requests are coming from [their] genuine app binary running on a genuine Android device.” It analyzes the app that calls the API as well as the OS itself to look for signs of tampering. Apps that call the API receive an integrity verdict that tells them whether the app binary and the software environment it’s running in are “genuine,” i.e. they match versions that are known to Google.