Integrity protection for Google Play Games on PC

Google Play Games on PC supports integrity protection through the Play Integrity API and several other Google Play features to help ensure that your game hasn't been tampered with or installed from an untrustworthy source.

Play Integrity API

The Play Integrity API helps protect your games from potentially risky and fraudulent interactions. The API enables you to reduce attacks and abuse such as fraud, cheating, and unauthorized access. The Play Integrity API replaces the SafetyNet Attestation API (SNAA) and Play App Licencing API. SNAA does not work with Google Play Games on PC.

Device Integrity Field

The deviceRecognitionVerdict field contains a single value, deviceRecognitionVerdict, that represents how well a device can enforce app integrity. By default, deviceRecognitionVerdict can have one of these values:

  • MEETS_DEVICE_INTEGRITY: The app is running on an Android-powered device with Google Play services. The device passes system integrity checks and meets Android compatibility requirements.
  • MEETS_VIRTUAL_INTEGRITY: The app is running in a virtual Android environment with Google Play services, currently limited to Google Play Games on PC. The environment meets core Android compatibility requirements and passes Google Play integrity checks.
  • None (a blank value): The app is running on a device that has signs of attack (such as API hooking) or system compromise (such as being rooted), or the app is running on a non-physical device (such as an emulator) that does not pass Google Play integrity checks.

The Play Integrity API uses the deviceRecognitionVerdict value MEETS_VIRTUAL_INTEGRITY to indicate that the game is running on Google Play Games on PC. Here's an example of a passing response from the Play Integrity API:

deviceIntegrity: {
    // "MEETS_VIRTUAL_INTEGRITY" indicates the game is running on Google Play Games on PC
    deviceRecognitionVerdict: ["MEETS_VIRTUAL_INTEGRITY"]
}

If you have a cross-platform game available on both mobile and Google Play Games on PC, make sure your validation logic checks for both MEETS_VIRTUAL_INTEGRITY and MEETS_DEVICE_INTEGRITY.

Automatic Integrity Protection

Automatic integrity protection is a runtime check added by Google Play each time your game is opened. If your game is tampered with or not installed by Google Play, automatic integrity protection can prevent it from running. Automatic integrity protection does not check the device. You must use the Play Integrity API to get the device integrity status.

Automatic integrity protection helps protect integrity with the following features:

  • Require installation from Google Play: Adds a check to see if your app was installed from Google Play. If this check fails, the user is prompted to get your app from Google Play. This feature is on by default, but you can turn it off. Turning off this feature disables piracy protection for paid apps.
  • Restrict modification: Adds a check to see if your app is unmodified. If this check fails, the app does not run. This feature is always on and can't be turned off.
  • Restrict reverse-engineering: Adds obfuscation and other advanced techniques that make it difficult for an attacker to remove runtime checks. This feature is always on and can't be turned off.

Automatic Integrity Protection requires the developer to opt in. It requires no code changes or developer work.

Protections run whether or not there is a data or internet connection. There are no server-side components required. The "Require installation from Play" check periodically requires a data connection if the Play Store app on the device has been offline for a prolonged period.