- Play Integrity is getting some upgrades that promise faster, more secure device attestation.
- The new verdicts are opt-in for devs right now, but will be widely deployed in 2025.
- While this is good news for average users, custom ROM and sideloading enthusiasts may run into trouble.
With as complex as modern software is, getting security right can be an extremely delicate balancing act. Obviously, no security at all results in a Wild West situation where it’s all too easy for malware to ruin your day. But on the flip side, overly cumbersome security can lead down a road where app functionality is negatively impacted. On Android, Google offers developers the use of its Play Integrity API to securely verify the environment apps run in. Google’s now got some new Play Integrity upgrades incoming, and while this is generally good news for most of us, it’s likely to cause some headaches for others.
Play Integrity gives Android apps powerful tools to only operate under their own terms. That means that apps can make sure your phone’s not rooted, for instance, or that you’re not running a custom ROM. For years now, there’s been a back-and-forth between devs and users who are interested in pushing these boundaries, as the users find new ways to spoof attestation checks and convince apps to run where devs don’t want them to. But with the changes Google’s making to the Play Integrity API, the company says that spoofing will now be harder than ever.