this post was submitted on 28 May 2025
266 points (98.9% liked)

Technology

70461 readers
5423 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
266
Google Play’s latest security change may break many Android apps for some power users. The Play Integrity API uses hardware-backed signals that are trickier for rooted devices and custom ROMs to pass. (www.androidauthority.com)
submitted 3 days ago by abobla@lemm.ee to c/technology@lemmy.world
70 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] idunnololz@lemmy.world 18 points 2 days ago* (last edited 2 days ago) (1 children)

Time to get downvoted to oblivion.

I see a lot of people questioning why Google would do this and the answer is pretty simple.

Google created a tool a long, long time ago which was meant to make sure traffic from a device was "legit". This tool is 100% optional and app developers can use it if they would like. However, the tool was easy to bypass, so over the years Google has been making the tool harder and harder to bypass.

This article is just sharing news that Google is once again making this tool harder to bypass.

So why is Google doing this? They are doing this because they don't want their tool to be bypassable. Their tool is worthless if it can be bypassed.

The tool in question here is the Play Integrity API (previously known as the SafetyNet Attestation API). This is a tool that is offered to app developers that app developers can take advantage of if they want. The selling point of the tool is if you have operation in your app that is critical, you can try to prevent some abuse by verifying that the app is running on a "trusted build of Android" and that the app itself has not been modified from the original. That's all the tool does.

This isn't a new API. This isn't something Google is trying to force app developers to use. No. From Google's point of view, they are just making sure their tool does it's job properly.

As for why companies might choose to use this tool, a big reason is because Android is a huge target for fraud. Apple has locked all their stuff down so it is much harder to commit fraud on iOS (not impossible though). Although Apple offers something similar, there is generally less fraud coming from iOS devices vs Android. It's the double-edged sword of having a more open platform.

Companies are obviously not going to be happy to be the target of fraud so they have to weigh their options. Either they block a small percentage of their users that are possibly legit by implementing Play Integrity API or they risk losing a % of their income to fraud.

Now you can disagree with the tool's job, I'm not trying to argue whether the tool is good or bad. That is extremely subjective, but hopefully this answers why Google is making this change.

[–] Mubelotix@jlai.lu 3 points 2 days ago

Yeah except that bot farms already use hardware that will pass the checks, unlike regular harmless users who will get hurt by this. Google comes after the good guys