Before you use or access the Play Integrity API, do the following:
- Read the Play Integrity API Terms of Service.
- Understand how the API handles data.
Terms of Service
Last modified: January 26, 2022
- By using the Play Integrity API, you agree to these terms in addition to the Google APIs Terms of Service ("API ToS"). If these terms are ever in conflict, these terms will take precedence over the API ToS. Please read these terms and the API ToS carefully.
- For purposes of these terms, "APIs" means Google's APIs, other developer services, and associated software, including any Redistributable Code.
- "Redistributable Code" means Google-provided object code or header files that call the APIs.
- Subject to these terms and the terms of the API ToS, you may copy and distribute Redistributable Code solely for inclusion as part of your API Client. Google and its licensors own all right, title and interest, including any and all intellectual property and other proprietary rights, in and to Redistributable Code. You will not modify, translate, or create derivative works of Redistributable Code.
- Google may make changes to these terms at any time with notice and the
opportunity to decline further use of the Play Integrity API. Google will
post notice of modifications to the terms at
https://developer.android.com/google/play/integrity/terms#tos. Changes will not be retroactive.
Google Play has a data safety section for developers to disclose their apps' data collection, sharing, and security practices. To help you complete the data safety section requirements, you can use the information below on how the Play Integrity API handles data.
The Play Integrity API is a runtime interface with the Google Play Store. As such, when you use Play Integrity in your app, the Play Store runs its own processes, which include handling data as governed by the Google Play Terms of Service. The information below describes how the Play Integrity API handles data to process specific requests from your app.
|Data collected on usage||Nonce provided in the request|
Application signing certificate
A device attestation token generated by Google Play services
|Purpose of data collection||The data collected is used to verify the application integrity, the licensing status, and the device integrity.|
|Data encryption||Data is encrypted.|
|Data sharing||Data is not transferred to any third parties.|
|Data deletion||Data is deleted following a fixed retention period.|
While we aim to be as transparent as possible, you are solely responsible for deciding how to respond to Google Play's data safety section form regarding your app's user data collection, sharing, and security practices.