Play Integrity API (formerly known asSafetyNet)^[1] consists of severalapplication programming interfaces (APIs) offered by theGoogle Play Services to support security sensitive applications and enforceDRM. Currently, these APIs include device integrity verification, app verification, recaptcha and web address verification. It uses an environment called DroidGuard to perform theattestation.^[2]

The SafetyNet Attestation API,^[3] one of the APIs under the SafetyNet umbrella, provides verification that the integrity of the device is not compromised.^[4][5][6] In practice, non-official ROMs such asLineageOS fail the hardware attestation and thus prevent the user from using a non-compliant ROM with third-party apps (mainly banking) that require the API.Due to this, some consider this a monopolistic practice deterring the entrance of competingmobile operating systems in the market.^[7]

It requires a network connection to Google servers and validates the hardware signatures. Amongst the checks, the API looks forbootloader unlock status, ROM signatures, kernel strings, it also usesAVB2.0 anddm-verity attestations. Upon successful checks,Google Play will mark the device asCertified. The attestation runs in an environment called DroidGuard (com.google.android.gms.unstable).^[2]

The SafetyNet Attestation API (one of the four APIs under the SafetyNet umbrella) has been deprecated.^[8] As of 6 October 2023,^[update] Google planned to replace it with thePlay Integrity API by the end of January 2025.^[8][9] The transition ended on 20 May 2025, breaking applications which hadn't been updated.^[10] These attestations are offered by Google Play Services and thus are not available onfree Android environments, likeAOSP. Therefore, developers can require the API to be available and may refuse to execute on AOSP builds.

Under the same umbrella, Play Protect is a mechanism to find and remove "vulnerable" apps from one's Android device as well as store apps. Although it's meant to scan for malware-containing apps, it also looks for non-DRM compliant apps.^[11]

Multiple groups have criticised SafetyNet and the Play Integrity API.^[12] Criticisms include that it offers weaker protection compared to alternatives such as Android's hardware attestation API, which provides a stronger form of verification while having the ability to remain compatible with more secure Android operating systems likeGrapheneOS.^[13][14]

Critics argued it undermines competition by effectively requiring developers to rely on Google's proprietary services, strengthening its monopoly over the Android ecosystem and disadvantaging alternative, privacy-focused operating systems.^[15]

Users have also developed tools, such as thePlay Integrity Fix module forMagisk/KernelSU/APatch, which tricks the attestation using leaked fingerprints of vulnerable devices.^[16][17]

Furthermore, some have questioned the effectiveness of the attestation, claiming it does not deliver the level of security promised by Google and instead serves more as a form ofvendor lock-in than a meaningful security measure. Activists have also raised concerns that it may violate antitrust and competition laws, like theDigital Markets Act.

• Samsung Knox
• Trusted Computing

• Protect against security threats with SafetyNet
• How does Universal SafetyNet Fix work?
• SafetyNet Attestation API deprecation timeline
• Play Integrity API Documentation
• Play Integrity API Migration Guide

• Android (operating system)
• Computer security
• Digital rights management systems

• Articles with short description
• Short description is different from Wikidata
• Articles containing potentially dated statements from October 2023
• All articles containing potentially dated statements