Google to discontinue SafetyNet API in favor of Play Integrity API
SafetyNet is a term that probably everyone in the Android modding community is familiar with. After unlocking the bootloader and flashing a custom ROM, passing the SafetyNet integrity test is critical if you want to use banking apps and streaming apps like Netflix. Over the years, it has become harder and harder to circumvent SafetyNet, especially after Google started enforcing hardware-backed attestation. But the API is now going away, and it looks like the community will soon be fighting a new demon.
Google has announced plans to phase out SafetyNet, an anti-abuse API that allows apps to check the integrity of the Android device. It will be replaced by the new Play Integrity API, which Google is billing as a more advanced and sophisticated method to protect apps and games against tempering and potentially risky and fraudulent interactions. It was originally announced at Google for Games Development Summit last year.
“As we move to further improve the portfolio of anti-abuse solutions, we plan to gradually deprecate the SafetyNet Attestation API by 2024. This gradual deprecation should give you time to migrate to the new Play Integrity API and avoid disruptions for your business,” reads an official announcement from The SafetyNet API Clients Team.
The SafetyNet Attestation API will be deprecated by 2024. Google is advising app developers to start integrating the Play Integrity API in their apps as soon as possible. Apps that haven’t migrated to the new API by June 30, 2023, will no longer be able to use SafetyNet Attestation. However, if you have migrated, it will still work on the older installations of your app. But starting June 2024, the SafetyNet Attestation API will no longer work for any version of your app.
Google says the new Play Integrity API is superior to the old API in almost all regards. It incorporates multiple integrity offerings, including the SafetyNet Attestation integrity verdict. The migration process is quite simple since the two APIs are conceptually similar. You can check out the migration guide here.
What the Play Integrity API means for the Android modding community and how it will affect the custom ROM scene remains to be seen. However, one thing is clear — it definitely won’t be easy to bypass the device integrity test with the new API. If anything, the Play Integrity API only marks the beginning of a new cat and mouse game. But we can always hope the community will once again find a way to get around it.
Thanks to XDA Member Some_Random_Username for the tip!
Source: Google Groups