Latest news with #PlayIntegrityAPI


Android Authority
5 days ago
- Business
- Android Authority
Google Play's latest security change may break many Android apps for some power users
TL;DR
- Google's updated Play Integrity API is making it significantly harder for users with rooted phones or custom ROMs to access certain applications due to enhanced security verifications.
- The update, now rolling out by default as of May 2025, enforces stricter hardware-backed security signals for integrity verdicts on devices running Android 13 or later.
- While this change aims to protect apps from abuse, it negatively impacts legitimate power users and potentially those on older devices lacking recent security patches.

Compared to the billions of regular Android users, the number of people who root their Android phones or install custom ROMs is minuscule. While I wouldn't say Google is actively hostile towards these power users, the company's efforts to strengthen Android app security have the unfortunate side effect of negatively impacting their experience. Google's latest update to the Play Integrity API, for example, makes it easier for developers to protect their apps from abusive users while also making it significantly harder for legitimate power users to utilize certain applications.

The Play Integrity API is a tool developers can use to verify that inbound interactions and server requests come from an unmodified version of their app binary running on a genuine Android device. Many developers use this API to mitigate app abuse that could lead to revenue or data loss. For example, the API can help prevent users from accessing premium content without paying, or it can help safeguard sensitive financial data by preventing access on devices that could potentially be compromised.

The problem for power users who root their phones or install a custom ROM lies in Google's definition of a 'genuine' Android device: one running a Google Play-certified build of Android. This definition inherently excludes nearly every custom ROM, prompting many custom ROM users to employ hacks to spoof certified builds.
While many people who root their phones don't install a custom ROM, they do unlock the bootloader as part of the rooting process. This step causes their devices to fail the more stringent Play Integrity checks, locking them out of many dining, medical, gaming, banking, and payment apps, as these types of apps often utilize the API's stricter evaluations.

Previously, the Play Integrity API and its predecessor, the SafetyNet Attestation API, weren't as much of a concern for power users, as they could often find easy workarounds. However, Google has been moving to enforce hardware-backed security signals. These are significantly harder to bypass because, unlike simpler past methods, they are rooted in the hardware itself.

While these hardware-based checks offer more robust security, power users had found some reprieve in the fact that Google wasn't universally enforcing their strictest application. Furthermore, it was up to app developers to decide whether they wanted hardware-backed security signals to be enforced. This gave developers the flexibility to restrict their apps' usage as they saw fit. For example, banking or payment apps often went out of their way to check that devices passed hardware-backed signals, but now, these signals are part of Play Integrity's baseline for all integrators of the API.

In December of last year, Google announced a major update to the Play Integrity API that enhances the 'basic,' 'device,' and 'strong' integrity verdicts on devices running Android 13 or later. The 'device' and 'strong' integrity verdicts are the two more stringent verdicts apps can receive when calling the Play Integrity API. The 'basic' verdict, while less stringent, is also not as widely used by developers seeking higher levels of security.

In the past, only the 'strong' integrity verdict used hardware-backed security signals.
Starting in December of last year, however, Google made all integrity verdicts even stricter: the 'device' integrity verdict was updated to also use hardware-backed security signals, while the 'strong' integrity verdict was revised to require a security patch level from within the last year. Meanwhile, the 'basic' integrity verdict was also updated to use hardware-backed signals, though due to its less stringent requirements, it passes even on devices with root enabled or the bootloader unlocked.

Google's stated reasoning for this change was to make the Play Integrity API faster, more reliable, and more private for users by reducing the number of signals that need to be collected. These changes also make the API harder and more costly for attackers to bypass.

At the time of the announcement, these updated integrity verdicts weren't immediately enforced. Google made them opt-in for developers but stated that all '[Play Integrity] API integrations would automatically transition to the new verdicts in May 2025.' Well, it's now May, and Google is making good on its promise. At Google I/O 2025, the company announced that it had flipped the switch and made all integrity verdicts stronger by default. During the 'what's new in Google Play' session, Raghavendra Hareesh, the Lead of Play Developer and Play Monetization at Google, said that the company is 'rolling out stronger verdicts for all developers with no additional developer work required.'

'The Play Integrity API is a vital tool in any comprehensive security strategy. Helping you defend your entire app experience. It's crucial in preventing abuse that can lead to revenue loss and also harm your users. Developers who have been using this API are seeing over 80% lower unauthorized usage compared to other apps. That means less fraud, less cheating, or data theft. And we are continuing to evolve this Play Integrity API to stay ahead of all the threats that are out there.
So today we are rolling out stronger verdicts for all developers with no additional developer work required. This makes it faster, more reliable, and more privacy-friendly to check if a device is trustworthy. Developers can also now check if a device has recently installed a security update, which is very important for apps which are protecting sensitive actions.'
Raghavendra Hareesh, Lead of Play Developer and Play Monetization at Google

This means that power users who root their phones or install a custom ROM may suddenly find some apps stop working, especially on devices running Android 13 or later. Even users with unmodified Android 13+ devices might face problems if their devices haven't received a software update in a while. This is because apps checking the 'strong' integrity verdict require a recent security patch level to pass.

[Image: Error message in the Pokémon Go app when the device fails its Play Integrity checks. Credit: Mishaal Rahman / Android Authority]

Google's full implementation of hardware-backed security signals has been anticipated for some time. While power users previously found simple ways to bypass earlier measures — often by tricking the Play Integrity API into relying on more easily spoofed software-based checks — these methods were never permanent solutions. It was, therefore, only a matter of time before these users would encounter broken apps.

Soon, easy workarounds will likely vanish, leaving users with no choice but to either resort to shady keybox leaks or to restore their devices to stock. So, while Google's primary aim with these changes is to improve app security for everyone, they nonetheless degrade the experience for these power users.

Thanks to security researcher linuxct for his inputs on this article!
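
The three verdict tiers described in the article above, applied as a server-side policy. This is an added example, not code from Android Authority or Google. The label strings and `requestDetails` fields follow Google's public verdict format rather than anything quoted on this page; the package name, action names, freshness window and step-up rule are assumptions.

```python
import time

# Label strings follow Google's public verdict format (assumption: not quoted on this page).
BASIC = "MEETS_BASIC_INTEGRITY"
DEVICE = "MEETS_DEVICE_INTEGRITY"
STRONG = "MEETS_STRONG_INTEGRITY"
RANK = {BASIC: 1, DEVICE: 2, STRONG: 3}

# Hypothetical policy: the lowest tier each action accepts (None = no check).
REQUIRED = {"browse_catalog": None, "login": BASIC,
            "view_balance": DEVICE, "transfer_funds": STRONG}
EXPECTED_PACKAGE = "com.example.bank"  # placeholder package name
MAX_AGE_MS = 5 * 60 * 1000             # assumed freshness window


def decide(payload, action, now_ms=None):
    """Return 'allow', 'step_up' or 'deny' for an already-verified verdict payload."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    req = payload.get("requestDetails", {})
    # A verdict minted for another app, or an old one replayed, proves nothing.
    if req.get("requestPackageName") != EXPECTED_PACKAGE:
        return "deny"
    if now_ms - int(req.get("timestampMillis", 0)) > MAX_AGE_MS:
        return "deny"

    needed = REQUIRED.get(action, STRONG)  # unknown actions get the strictest tier
    if needed is None:
        return "allow"
    labels = payload.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", [])
    have = max((RANK.get(label, 0) for label in labels), default=0)
    if have >= RANK[needed]:
        return "allow"
    # 'device' without 'strong' can simply mean a patch level older than a
    # year, so ask for extra authentication rather than locking the user out.
    if needed == STRONG and have == RANK[DEVICE]:
        return "step_up"
    return "deny"


def sample(labels, ts_ms=1_000_000, package=EXPECTED_PACKAGE):
    """Build a constructed payload (not real API output) for the demo."""
    return {"requestDetails": {"requestPackageName": package,
                               "timestampMillis": str(ts_ms)},
            "deviceIntegrity": {"deviceRecognitionVerdict": labels}}


if __name__ == "__main__":
    now = 1_000_000 + 1_000
    devices = {"stock, patched": [BASIC, DEVICE, STRONG],
               "stock, stale patch level": [BASIC, DEVICE],
               "unlocked bootloader": [BASIC]}
    for name, labels in devices.items():
        for action in REQUIRED:
            print(f"{name:26} {action:15} {decide(sample(labels), action, now)}")
```

Reserving the strictest tier for the few actions that need it keeps users on unlocked or unpatched devices able to reach low-risk features.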


India.com
06-05-2025
- India.com
Bad news for millions of Android users, they might have to replace their phones due to..., Google's new update is...
Google's Android operating system powers smartphones for millions of people around the world, including in India. But now, many users might soon need to upgrade their devices — especially those using phones running Android 12 or older versions.

Google is shifting to a new tool called the Play Integrity API. This system is designed to help app developers detect fraud, bots, and other forms of misuse. It replaces older security methods and gives developers better insights into how their apps are being used.

Better protection against unauthorized access

Google claims that by using this new API, apps will be much safer. According to their data, it can reduce unauthorized access by up to 80 per cent. That means apps will be more secure and less likely to be misused on devices that meet the latest standards.

How will it affect older Android devices?

The Play Integrity API is built to work best with Android 13 and newer versions. For those still using Android 12 or earlier, this could mean trouble. Some apps might stop working properly or lose support altogether. In fact, from May 2025, using the updated API will become mandatory for all app developers. Developers will also be able to monitor how their apps behave on different versions of Android — and may choose to stop supporting older ones for performance or security reasons.

What should you do?

If you're using an older Android phone, it's a good idea to:
- Check your current Android version in your phone's settings.
- Consider upgrading your device if it runs Android 12 or earlier.
- Keep an eye on app updates — if some stop working, this might be the reason.

Millions of users could be affected

According to Google's latest data, only about half of all Android users currently use Android 13 or a newer version. Roughly 200 million users are still using Android 12 or Android 12L. Google has stopped providing security patches for both these versions, which increases the risk of cyberattacks for users on older devices.
Older phones may need to be replaced

If you're using a phone with Android 12 or an earlier version, you may be left with two options:
- Hope your smartphone manufacturer rolls out a new update — which is unlikely for older models and could be costly.
- Upgrade to a new phone that supports Android 13 or newer to continue receiving full app support and security protection.


Forbes
30-04-2025
- Forbes
Google's Update Decision—Bad News For 50% Of Android Users
[Image caption: New Play Store warning affects millions. Credit: AFP via Getty Images]

Update: Republished on April 29 with major Play Store change as apps are removed.

Google has quietly changed how apps run on your phone. Starting next month, the Android-maker will let apps work differently depending on your phone. The bad news is this could see finance, messaging and other apps stop working properly for you. And the latest data suggests this affects more than half of all users.

This is being driven by the Play Integrity API, which Google says 'is an essential tool to help protect your business from abuse such as fraud, bots, cheating, and data theft,' with 'apps that use Play Integrity features to detect suspicious activity seeing an 80% drop in unauthorized usage on average compared to other apps.'

But the technology has now changed, and will draw a line between Android 12 and all newer versions of the OS. This means for 'all devices running Android 13 and above [it will] make it faster, more reliable, and more private for users.' Conversely, if you're running Android 12 or older, then everything could now slow down. And that's a lot of devices — half of all Android phones, to be precise.

Google is also adding 'enhanced security signals.' With these, developers can decide how trusted the device is that's running their app. Google has told developers they can now run differently on 'devices running Android 12 and lower than [with] Google introduced this developer change on an opt-in basis at the start of the year, confirming the deadline for 'it automatically updating' for everyone is May 2025.

The size of that problem has also just been shared by Google, with more than half of all Android devices yet to update to Android 13 or better. This latest data is worse than thought, albeit we knew that at least one-third of Android devices were out of support.

Around 200 million Android 12 users have an even bigger problem than this Play Integrity API change.
Per Android Authority, 'Google is no longer backporting security patches to Android 12 or 12L, as both operating systems have reached end-of-life status.' This doesn't mean device OEMs won't step in for a time to bridge the gap, but it's difficult and costly and so don't rely on that happening.

In addition to pushing apps to behave differently, Google is also pushing for there to be less of them. Last year, the company ramped up its efforts to remove lower quality, higher risk apps from Play Store, and has also introduced warning labels for apps that show worrying signals, such as uninstalls, that might betray a quality issue.

And that hurdle raising is working. According to the latest data from Appfigures (via TechCrunch), 'from the start of 2024 to the present, the Android app marketplace went from hosting about 3.4 million apps worldwide to just around 1.8 million… That's a decline of about 47%, representing a significant purge of the apps that have been available to Android users globally.'

Google previewed this cull last summer. 'Apps should provide a stable, responsive, and engaging user experience,' it said, warning that 'apps that crash, do not have the basic degree of adequate utility as mobile apps, lack engaging content, or exhibit other behavior that is not consistent with a functional and engaging user experience are not allowed on Google Play.' And here we now are.

This drop in app numbers is not 'part of some larger global trend.' The same research found the number of apps in Apple's store increased over the same period.

Meanwhile, 'if you still have an Android 12 or 12L device,' or clearly anything even older than that, Android Authority says, 'it's time to upgrade if you value security.' It's hard to argue. Put simply, if you're not yet running Android 13 or above you need an OS update at least, and more likely a phone upgrade to something newer.


Forbes
28-04-2025
- Forbes
Do Not Let Your Phone Get On This Dangerous List
[Image caption: Do not get on the list]

Android has a serious problem. Half its users are running an OS version that's on the unsupported list, and Google has also decided that apps may stop working properly on those phones next month. You need to check what OS version you're running.

In its new Global Mobile Threat Report, Zimperium warns 'at any given point in the year, over 50% of mobile devices are running outdated OS versions, and a significant number are compromised or infected.' Make sure your phone is not on this list.

Google recently stopped providing security updates for the 200 million Android 12 users, adding it to the other unsupported OS versions still in use, which account for more than half of all Android phones. This isn't just an Android problem, though, and Zimperium warns iPhone users are just as likely to be on that naughty list.

Google's latest change to its Play Integrity API means apps can run differently on Android 12 or older — in other words more slowly and with more restrictions. All told, it's set to become an even more painful experience than now.

But the security concerns are more critical. And this is especially true for enterprises allowing their users to access company systems and networks from their own devices. Zimperium says 'this creates untrusted environments where even apps that employ security measures are susceptible to manipulation. Without device attestation, apps can't distinguish between safe and hostile execution environments, exposing sensitive data and operations.' Which is why Google wants apps restricted.

There are almost 2 million apps on Apple's App Store and as many as 2.87 million on Google's Play Store, albeit its cull of low-quality apps continues. 'Most apps,' Zimperium says, 'rely on basic tools or have no protection, including in high-risk sectors like finance. Organizations are either underestimating the sophistication of mobile threats or relying too heavily on platform-level security.'
Most users have countless apps on their phones, many of which were installed casually and are no longer used. But all of which are a potential security risk. Typical users have 80 to 100 apps installed, Zimperium reports, with only a few work-related. 'Meanwhile, 66% of American employees use their personal smartphones for work, and 70% of organizations support BYOD.' Again, this is why Google has acted.

More apps, more phones, outdated firmware, delayed (if any) updates. You can see why Zimperium describes 'a fragmented, under-secured mobile landscape where apps and devices become potential vectors for data loss, fraud, and enterprise breaches.'

The greatest threats to iPhone users come by way of mobile targeted phishing — designed to trick users given the restrictions of small screen devices, and network interception attacks. Whilst for Android, unsurprisingly, the major risk is sideloading.

Staying safe is easy — that's the good news; here's your five-point plan:


Forbes
28-04-2025
- Forbes
Google's Android Decision—Bad News For 50% Of All Users