Google deprecates old SafetyNet API in favor of Play Integrity API

[Robert Urrutia]

As of yesterday (May 20, 2025), Google has officially deprecated the SafetyNet Attestation API, replacing it with the more advanced Play Integrity API. This transition aims to enhance app security by providing developers with more robust tools to assess device integrity and protect against tampering and fraudulent interactions.

 

While the Play Integrity API is designed for newer Android versions, devices running Android 12 and earlier may still rely on SafetyNet Attestation. However, as the deprecation progresses, even these devices will need to transition to the new API to ensure continued functionality of certain apps.

 

 

Source: Android Developers - Overview of the Play Integrity API

 

 

The Play Integrity API introduces stricter integrity checks compared to its predecessor. It assesses device integrity through multiple levels:

• MEETS_STRONG_INTEGRITY: Indicates the device is unmodified, with a locked bootloader and verified boot chain.

• MEETS_DEVICE_INTEGRITY: Indicates the device passes basic system integrity checks but may have some modifications.

• MEETS_BASIC_INTEGRITY: Indicates the device passes minimal integrity checks, suitable for less security-sensitive applications.

 

For users who have unlocked their bootloader or rooted their devices, achieving the MEETS_STRONG_INTEGRITY level is virtually impossible. This means that apps requiring high integrity levels, such as banking or DRM-protected apps, may refuse to run on such devices. While some users employed tools like PlayIntegrityFix or TrickyStore to hide unlocked bootloader status and spoof a "legit" device, the enhanced checks in the Play Integrity API make bypassing these verifications more challenging and practically impossible to pass.

Quote

"All that said, if you’re not on a custom ROM, don’t care about root, don’t sideload apps, and just want to continue enjoying Android like a “normal” user, this is only going to be good news for you. The vast majority of these changes won’t be visible to you at all, and really all you could expect is that apps will be ever so slightly faster, as Google reduces API latency. You might find yourself running into more situations where an app protests because your phone hasn’t gotten a security update in over a year — but maybe that’s your cue to move to a better-supported handset, anyway."

 

This is clearly a hit to custom rom developers and the open source community. Google has started to lockdown Android in the same way Apple locks their garden and clearly limits the way users can use their device. This wouldn't be a problem if basically most of the major apps won't rely on Google's Play Services and Play Integrity API to check if your device has an unlocked bootloader or if it has been rooted. In other words: if you don't have Google in your phone you are cooked.

 

Sources

https://www.androidauthority.com/play-integrity-upgrades-3505270/

https://developer.android.com/privacy-and-security/safetynet

https://developer.android.com/google/play/integrity

https://www.xda-developers.com/safetynet-api-replaced-by-play-integrity-api/

 

[TempestCatto]

Eh. I bet you someone will figure out a way to just make a text file with a few lines of words to make the integrity checks happy.

[OhioYJ]

17 hours ago, Robert Urrutia said:

For users who have unlocked their bootloader or rooted their devices, achieving the MEETS_STRONG_INTEGRITY level is virtually impossible. 

Um people have been meeting strong integrity on root unlocked devices this entire time? 

 

You are right it's not like it was were you just hide magisk, or spoof another device in the early days, but still not impossible. 

 

Posted from my unlocked rooted device, that has working banking and streaming apps.

 

It's always been the sky is falling, I see this time as no different than any of the other times.