The Play Integrity API is a Google service that lets an Android app check whether it is running on what Google calls a "genuine and certified Android device" before the app agrees to work.[1] Apps that require it refuse to run on devices that do not return Google's certification verdict, which by design excludes de-Googled and alternative Android systems such as GrapheneOS and LineageOS even when those systems keep a locked bootloader and current security patches.[2][3] As banking, government-identity, and other apps adopt the check, an owner who installs a more private or better-maintained operating system on hardware they own can be locked out of software that runs without complaint on an outdated but factory-certified phone.[2][4]
How it works
When an app calls the Play Integrity API, Google returns a device-integrity verdict in one of three tiers: MEETS_BASIC_INTEGRITY, MEETS_DEVICE_INTEGRITY, and MEETS_STRONG_INTEGRITY.[2] The middle tier, which many banking and corporate apps require, is granted, on Android 13 and higher, only when there is "hardware-backed proof that the device bootloader is locked and the loaded Android OS is a certified device manufacturer image."[2] The strongest tier additionally requires that the device received security updates in the last year.[2]

The verdict rests on Android hardware-backed key attestation, which Google describes as giving an app "more confidence that the keys you use in your app are stored in a device's hardware-backed keystore."[5] Because an alternative operating system signs its own verified-boot image instead of shipping the manufacturer's, it reports a different cryptographic root of trust and does not produce the device-integrity verdict by default, no matter how current its patches are.[2][3] The device-integrity tier certifies the origin of the operating system image, not how current it is, so an older, unpatched but factory-certified build passes the check while a fully patched alternative system does not.[2]
From SafetyNet to Play Integrity
Play Integrity is the successor to Google's earlier SafetyNet Attestation API. Google deprecated SafetyNet in 2022 and fully turned it down in January 2025, telling developers to "migrate to the Play Integrity API," which consolidated the older integrity checks under one interface.[6]
Lockout of alternative operating systems
In 2026, owners running GrapheneOS reported that Volkswagen's official app would no longer let them control their cars; Volkswagen's support email said the app is supported only on "Android devices with supported operating system versions" and not on "custom ROMs, e.g. GrapheneOS, LineageOS," because it "relies on security-relevant system components and certified Android standards."[7] A related Volkswagen change, the Volkswagen Carnet API shutdown, routed third-party vehicle-data access through an official Volkswagen Group app.[8]
Government identity software has adopted the same requirement. The Android app for the European Union's Digital Identity Wallet enforces Play Integrity; in February 2025, users opened a request on its official code repository titled "Please remove the requirement for Google Play Integrity," reporting that the check shut LineageOS, GrapheneOS, unlocked-bootloader, and older devices out of their digital government documents.[4] The European Union's age-verification app drew the same criticism in July 2025 for requiring a Google-approved Android device or an iPhone; its developer, Scytales, responded that the app is a white-label product and that Play Integrity is only one of the device checks an implementer can use.[9][10]
GrapheneOS's objection
GrapheneOS argues the exclusion is a business decision rather than a security one, and that an app wanting a genuine hardware-backed guarantee already has a better tool.[3] Its attestation compatibility guide says an app can support GrapheneOS "by using the standard Android hardware attestation API and permitting our official release signing keys," an approach it calls stronger than Play Integrity because it can "whitelist the keys of alternate operating systems."[3] The project states the reason apps decline to do so directly:
"The only reason they aren't permitting it is because we do not license Google Mobile Services (GMS) and these apps are enforcing Google's business interests rather than security."

In May 2026, Android Authority reported the same position, quoting GrapheneOS as saying that "Google's Play Integrity API bans using GrapheneOS despite it being far more secure than anything they permit" and describing the purpose of such checks, in the project's words, as "disallowing people from using hardware and software not approved by Apple or Google."[11]
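The allow-list approach GrapheneOS describes, set beside the origin-only criterion from "How it works", as an added example (not code from Google, GrapheneOS, or any app named in this article). It assumes the attestation certificate chain has already been validated and its root-of-trust fields parsed; the key fingerprint, patch-level floor, sample devices, and function names are constructed for illustration.

```python
from dataclasses import dataclass

# Constructed placeholder fingerprint, NOT a real signing key. A deployment would
# pin the verified-boot key fingerprints that each permitted OS project publishes.
PERMITTED_OS_KEYS = {"aa" * 32: "allow-listed alternate OS (placeholder)"}
MIN_PATCH_LEVEL = 202601  # assumed policy floor, YYYYMM as carried in attestation

@dataclass
class RootOfTrust:
    """Fields parsed from a key attestation whose chain was already validated."""
    verified_boot_state: str  # "Verified", "SelfSigned", "Unverified" or "Failed"
    device_locked: bool
    verified_boot_key: str    # hex of the attested verifiedBootKey
    os_patch_level: int       # YYYYMM

def origin_only(rot):
    """Simplified model of an origin-only rule: locked + manufacturer image."""
    return rot.device_locked and rot.verified_boot_state == "Verified"

def evaluate(rot):
    """Allow-list policy: locked bootloader, known OS key, recent patch level."""
    if not rot.device_locked:
        return False, "bootloader unlocked"
    if rot.verified_boot_state == "Verified":
        origin = "manufacturer image"
    elif rot.verified_boot_state == "SelfSigned":
        origin = PERMITTED_OS_KEYS.get(rot.verified_boot_key.lower())
        if origin is None:
            return False, "boot key not on allow-list"
    else:
        return False, "boot state " + rot.verified_boot_state
    if rot.os_patch_level < MIN_PATCH_LEVEL:
        return False, f"{origin}: patch level {rot.os_patch_level} below floor"
    return True, origin

# Constructed sample devices.
OLD_STOCK = RootOfTrust("Verified", True, "11" * 32, 202203)
PATCHED_ALT = RootOfTrust("SelfSigned", True, "AA" * 32, 202606)
UNKNOWN_OS = RootOfTrust("SelfSigned", True, "bb" * 32, 202606)
UNLOCKED = RootOfTrust("Unverified", False, "cc" * 32, 202606)

if __name__ == "__main__":
    for name, rot in [("old stock", OLD_STOCK), ("patched alt", PATCHED_ALT),
                      ("unknown OS", UNKNOWN_OS), ("unlocked", UNLOCKED)]:
        print(f"{name:12} origin_only={origin_only(rot)!s:5} allow_list={evaluate(rot)}")
```

The outdated stock device passes the origin-only rule and fails the allow-list policy on patch level, while the patched alternate OS does the reverse; a self-signed image with an unlisted key is rejected by both.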
Google's stated rationale
Google presents the API as an anti-fraud and anti-abuse tool. Its documentation says the service helps a developer "check that user actions and server requests are coming from your genuine app, installed by Google Play, running on a genuine and certified Android device," and positions it against tampered app binaries, automated bots, and access from risky environments.[1]
Apple's counterpart
Apple enforces a parallel check on iOS through its App Attest service, part of the DeviceCheck framework, which lets an app's server confirm that requests come from a legitimate instance of the app running on a genuine Apple device.[12]
Alternatives and pushback
Unified Attestation presents itself as "a free, open-source alternative to Google Play Integrity" that an app can run alongside Google's own check; it is led by Volla Systeme GmbH.[13] GrapheneOS opposes that scheme as well, arguing it would replace Google's gatekeeping with a new vendor-managed allow-list rather than open access to any hardened operating system.[14]
On the hardware side, in March 2026 Motorola announced a partnership with the GrapheneOS Foundation to build a future smartphone with GrapheneOS and to bring some of its security features to other Motorola devices, though the companies committed to no release date.[15]
References
- [1] "Play Integrity API overview". Google, Android Developers. Retrieved 2026-06-19.
- [2] "Play Integrity API verdicts and device integrity field". Google, Android Developers. Retrieved 2026-06-19.
- [3] "Attestation compatibility guide". GrapheneOS. Retrieved 2026-06-19.
- [4] "Please remove the requirement for Google Play Integrity". GitHub (eu-digital-identity-wallet/eudi-app-android-wallet-ui). 2025-02-21. Retrieved 2026-06-19.
- [5] "Verify hardware-backed key pairs with key attestation". Google, Android Developers. Retrieved 2026-06-19.
- [6] "SafetyNet Attestation API deprecation timeline". Google, Android Developers. Retrieved 2026-06-19.
- [7] "Volkswagen App". GrapheneOS Discussion Forum. Retrieved 2026-06-19. (Thread in which an affected owner reproduces Volkswagen's support email verbatim.)
- [8] Born, Günter (2026-05-29). "VW und Audi sperren API-Schnittstelle, Smart-Home-Blackout seit 27.05.2026 (Teil 1)". Borncity. Retrieved 2026-06-19.
- [9] "The EU's age-verification application requires a Google or Apple account and Google-approved Android device or iPhone". OSNews. 2025-07-28. Retrieved 2026-06-19.
- [10] "EU Age Verification app integrity checks won't depend on Google, Apple: Scytales". Biometric Update. 2025-07-29. Retrieved 2026-06-19.
- [12] "Establishing your app's integrity (App Attest)". Apple Developer Documentation. Retrieved 2026-06-19.
- [13] "Unified Attestation". Volla Systeme GmbH. Retrieved 2026-06-19.
- [14] "GrapheneOS calls on privacy-focused app developers to boycott European Unified Attestation". PiunikaWeb. 2026-03-10. Retrieved 2026-06-19.
- [15] Schoon, Ben (2026-03-01). "Motorola confirms GrapheneOS partnership for a future smartphone". 9to5Google. Retrieved 2026-06-19.