Google’s recent updates to its Play Integrity API are set to make it difficult for advanced users with smartphones that are rooted or running custom ROMs to use certain applications. According to a report, the Google Play Integrity API, which is used by developers to ensure that their apps are running on a secure device, now uses hardware-backed security signals to provide integrity verdicts. This will make it much harder for users with a non-certified version of Android to bypass Google’s checks, and limit their access to various apps or services.
Google Play Integrity API Now Uses Hardware-Backed Security Signals
The company’s Play Integrity API offers three integrity verdicts for developers: basic, device, and strong. Android Authority reports that the latest update to the API now uses hardware-backed signals, which are based on information gathered from a user’s device, when providing the “device” verdict. Google first unveiled these changes in December 2024.
This means that power users who have a rooted smartphone or a handset with a custom ROM (both of which require the bootloader to be unlocked) will no longer be able to bypass Google’s checks. These users will not be able to access banking, gaming, payment and other applications that require devices to pass the Play Integrity API’s “device” level check.
When the company announced these changes to the Play Integrity API, it said it would reduce the number of signals collected from a user’s device, while making it harder for attackers to bypass these protections. The company said all uses of the API would switch to the stronger verdict by this month, and the changes are now rolling out, according to the publication.
Similarly, developers who request the “strong” verdict for their apps will be able to determine if the user’s device has received a security patch within the past 12 months. This means that any smartphone running on Android 13 or newer (and not just third-party custom ROMs) might be affected if the manufacturer hasn’t rolled out security updates in the past year.
The Play Integrity API is designed to help developers prevent their apps or services from being accessed on devices capable of altering how those apps were designed to work, but it could also prevent users with outdated security patches from accessing their applications. Meanwhile, users with rooted phones or devices with custom ROMs will have to choose between running mods and switching back to the version of Android their phone shipped with in order to continue accessing these applications.
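As an added illustration (not code from Google or from the original report), here is how an app backend might gate a feature on the basic, device and strong tiers described above. It assumes the integrity token has already been decrypted and verified; the JSON field names follow Google's published verdict format, while the package name, the freshness window and the sample payloads are constructed for this example.

```python
import time

# Verdict labels from Google's published Play Integrity response format,
# keyed by the tier names used in the article.
LABELS = {
    "basic": "MEETS_BASIC_INTEGRITY",
    "device": "MEETS_DEVICE_INTEGRITY",
    "strong": "MEETS_STRONG_INTEGRITY",
}

def check_verdict(payload, required, expected_package, now_ms=None, max_age_ms=120_000):
    """Return (ok, reason) for an already decrypted and verified verdict payload.

    max_age_ms is an assumed freshness window, not a value from the article.
    """
    if required not in LABELS:
        raise ValueError(f"unknown tier: {required}")
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms

    # Bind the verdict to this app and to a recent request before trusting it.
    details = payload.get("requestDetails") or {}
    if details.get("requestPackageName") != expected_package:
        return False, "package mismatch"
    try:
        age = now_ms - int(details.get("timestampMillis"))
    except (TypeError, ValueError):
        return False, "missing timestamp"
    if age < 0 or age > max_age_ms:
        return False, "stale or future-dated verdict"

    # A missing or empty label list means the device passed no integrity tier.
    labels = (payload.get("deviceIntegrity") or {}).get("deviceRecognitionVerdict") or []
    if LABELS[required] not in labels:
        return False, f"device does not meet {required} integrity"
    return True, "ok"

# Constructed sample payloads (hypothetical package name and timestamps).
NOW_MS = 1_750_000_000_000

def sample(labels, age_ms=5_000, package="com.example.bank"):
    return {
        "requestDetails": {"requestPackageName": package,
                           "timestampMillis": str(NOW_MS - age_ms)},
        "deviceIntegrity": {"deviceRecognitionVerdict": labels},
    }

CERTIFIED = sample(["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY"])
BASIC_ONLY = sample(["MEETS_BASIC_INTEGRITY"])

if __name__ == "__main__":
    for name, p in (("certified", CERTIFIED), ("basic only", BASIC_ONLY)):
        print(name, check_verdict(p, "device", "com.example.bank", now_ms=NOW_MS))
```

Returning a reason alongside the decision lets the backend log why a request was refused and decide whether to block or to offer reduced functionality.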