Google Updates Play Integrity API, Impacting Root Users and Power Gamers
Power users and enthusiasts are well aware that OEMs must submit specific phone models to Google for certification. Typically, only certified devices can install and use certain copyright-protected or sensitive applications.
Models that are not certified or have lost certification due to user modifications, such as rooting, may find that certain apps, like banking apps, fail to run. An open-source project named PIF was created to address certification issues following device modification.
Today, Google announced an update to the Play Integrity API for developers. While this update simplifies processes for developers, it could impact users who modify their devices and power gamers.
The most significant change in this update is that the Play Integrity API will now issue a score based on the most recent security updates installed on the system. Developers can use this score to decide whether to allow their app to run on a system.
Take banking apps, for example:
If an Android device hasn't received security updates for over a year, its security score will be lowered. The lower score indicates that the device is not secure enough, and banking apps can then restrict usage or disable certain sensitive features to prevent data breaches.
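The banking-app decision described above could look like this on the app's backend. This is an added example, not code from Google or from the article. It assumes the integrity verdict has already been decoded into the JSON payload format Google documents (`requestDetails`, `appIntegrity`, `deviceIntegrity`); the package name, freshness window, tier names and function names are hypothetical.

```python
import time

EXPECTED_PACKAGE = "com.example.bank"   # hypothetical package name
MAX_AGE_MS = 5 * 60 * 1000              # hypothetical freshness window


def decide_access(verdict, expected_hash, now_ms=None):
    """Map a decoded integrity verdict to 'full', 'restricted' or 'blocked'."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    request = verdict.get("requestDetails", {})
    app = verdict.get("appIntegrity", {})
    labels = set(verdict.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", []))

    # The verdict must belong to this app and this request and be recent,
    # otherwise a verdict obtained elsewhere could be replayed.
    if request.get("requestPackageName") != EXPECTED_PACKAGE:
        return "blocked"
    if request.get("requestHash") != expected_hash:
        return "blocked"
    age_ms = now_ms - int(request.get("timestampMillis", 0))
    if age_ms < 0 or age_ms > MAX_AGE_MS:
        return "blocked"
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        return "blocked"

    # Assumption of this sketch: the strongest label is the one a device
    # loses when it has gone too long without security updates.
    if "MEETS_STRONG_INTEGRITY" in labels:
        return "full"
    if "MEETS_DEVICE_INTEGRITY" in labels:
        return "restricted"   # e.g. balance view only, no transfers
    return "blocked"


def sample_verdict(labels, timestamp_ms, package=EXPECTED_PACKAGE):
    """Constructed sample payload, not captured from a real device."""
    return {
        "requestDetails": {"requestPackageName": package,
                           "requestHash": "constructed-hash",
                           "timestampMillis": str(timestamp_ms)},
        "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
        "deviceIntegrity": {"deviceRecognitionVerdict": labels},
    }


if __name__ == "__main__":
    now = int(time.time() * 1000)
    for labels in (["MEETS_DEVICE_INTEGRITY", "MEETS_STRONG_INTEGRITY"],
                   ["MEETS_DEVICE_INTEGRITY"], []):
        print(labels, "->", decide_access(sample_verdict(labels, now), "constructed-hash", now))
```

Making the decision on the server rather than in the app keeps the policy out of reach of a modified client.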
In theory, tools like PIF, which obtain certain firmware keys to maintain security certification, could mitigate the potential impact on users if they continue to work.
However, not all users are power users. Those who aren’t might not know how to perform the necessary security validations using tools like PIF. Thus, the inability to update their systems could impact their future use.
Another aspect is the enhanced security label. By May 2025, Google will enable the enhanced security label option by default. Developers can choose from different levels of security enhancements, and systems like Android 12 and Android 13 will adjust accordingly.
These issues are likely of minimal concern to Chinese users, as Android devices marketed in China do not come with Google Play or related services. Furthermore, considering that most devices do not receive timely updates, employing this strategy could render many smartphones unusable.