Google Play Integrity API Now Blocks Apps Installed from Third-Party Sources
The publication Android Authority has reported that Android app developers who want to prevent their apps from being installed from third-party sources can now do so using the Play Integrity API. As a result, users will be prompted to download the app from the Google Play Store, and there is no way to bypass this “recommendation.”
Originally, Play Integrity (formerly SafetyNet Attestation) was an API for Android that allowed apps to determine if a device had been rooted. Root access gives full control over the device, which many app developers dislike. After receiving the appropriate signal from the API, certain types of apps may simply refuse to run.
Typically, banking apps, Google Wallet, some games, Snapchat, and several multimedia apps (like Netflix) will not work on rooted devices. This is because root access can be used to cheat in games or to phish for banking data.
How the Play Integrity API Works
As noted by Android Authority, the Google Play Integrity API also helps developers “verify that interactions and server requests come from the binaries of their genuine app running on a genuine Android device.” The API checks whether the app has been modified, if it’s running in an “untrusted” environment, whether Google Play Protect is enabled on the device, and more.
Just like with SafetyNet Attestation, developers can call the Play Integrity API at any time to receive a so-called “verdict” on integrity, based on which they decide how to proceed. As mentioned above, some apps call the Play Integrity API at launch and completely block access depending on the verdict. Others may only check when the user tries to perform a specific action and will warn the user not to continue.
New Features Introduced at Google I/O
Back in May of this year, at the Google I/O conference, Google showcased new Play Integrity API features that allow apps to display certain dialogs after receiving a “problematic” integrity verdict.
For example, when appLicensingVerdict returns the value UNLICENSED in the integrity verdict, it means the user’s current account does not have a license—that is, the person did not install or purchase the app from the Google Play Store.
In response, the developer can use the Play Integrity API to display a GET_LICENSED dialog, prompting the user to install the app from the Google Play Store. If the user agrees, their account becomes licensed (so next time, appLicensingVerdict will return LICENSED), the app is added to their Play Store library, and it will receive updates through the official Google store.
As shown in the example above, the dialog box offers to download the app from the Google Play Store to continue using it. While it’s possible to close this window, there is no way to bypass it entirely. If the window is simply closed, the app receives a corresponding response, which is sent to the developer, who can then decide whether to continue blocking access for the user.
When the “Get app” button is pressed, the app’s page in the Google Play Store opens, where instead of the usual “Install” button, there is an “Install from Play” button. Clicking it brings up a dialog asking if the user really wants to “install this app from Play.” If the user agrees, the “unknown” version of the app will be removed from the device along with all associated data.
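The verdict-driven decision described above can be sketched as a backend policy function. This is an added example, not code from the article or from Google: it assumes the integrity token has already been decrypted and verified server-side into a dictionary, the field names follow the verdict payload layout as documented for the Play Integrity API, and the package name, action constants and function names are hypothetical.

```python
# Constructed policy over an already-decoded Play Integrity verdict.
EXPECTED_PACKAGE = "com.example.app"  # placeholder package name

ALLOW = "ALLOW"
PROMPT_GET_LICENSED = "SHOW_GET_LICENSED_DIALOG"  # client shows the GET_LICENSED dialog
DENY = "DENY"
RETRY = "RETRY_LATER"  # verdict was not evaluated; do not grant access yet


def decide(verdict: dict, expected_package: str = EXPECTED_PACKAGE) -> str:
    """Map a decoded verdict to the action the backend tells the app to take."""
    app = verdict.get("appIntegrity") or {}
    device = verdict.get("deviceIntegrity") or {}
    account = verdict.get("accountDetails") or {}

    # Missing or unevaluated fields fail closed instead of defaulting to allow.
    recognition = app.get("appRecognitionVerdict", "UNEVALUATED")
    if recognition == "UNEVALUATED":
        return RETRY
    # A modified binary, or a token issued for another package, is refused.
    if recognition != "PLAY_RECOGNIZED" or app.get("packageName") != expected_package:
        return DENY

    # deviceRecognitionVerdict is a list of labels; an empty list means
    # the device did not pass the integrity checks.
    if "MEETS_DEVICE_INTEGRITY" not in (device.get("deviceRecognitionVerdict") or []):
        return DENY

    licensing = account.get("appLicensingVerdict", "UNEVALUATED")
    if licensing == "LICENSED":
        return ALLOW
    if licensing == "UNLICENSED":
        # Genuine binary, but not installed or bought through Play on this account.
        return PROMPT_GET_LICENSED
    return RETRY


def sample(recognition="PLAY_RECOGNIZED", licensing="LICENSED",
           device=("MEETS_DEVICE_INTEGRITY",), package=EXPECTED_PACKAGE) -> dict:
    """Build a constructed verdict payload for exercising decide()."""
    return {
        "appIntegrity": {"appRecognitionVerdict": recognition, "packageName": package},
        "deviceIntegrity": {"deviceRecognitionVerdict": list(device)},
        "accountDetails": {"appLicensingVerdict": licensing},
    }


if __name__ == "__main__":
    print(decide(sample(licensing="UNLICENSED")))
```

Keeping the decision on the server means a dismissed dialog changes nothing by itself: the next verdict still reports UNLICENSED and the backend can keep withholding access.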
Developer Adoption and Future Outlook
The publication notes that developers have previously had ways to determine if their apps were installed from third-party sources, but now such checks have become much easier.
Currently, it’s not definitively known which apps are using this feature. It’s likely already in use in some games. According to user reports, this functionality has already been adopted by the Tesco and BeyBlade X apps, as well as the popular game Diablo Immortal. Most likely, more apps will start using this feature over time.