RikkaW / YASNAC

Yet Another SafetyNet Attestation Checker
MIT License
617 stars 35 forks source link

Add Play Integrity support #33

Open linuxct opened 2 years ago

linuxct commented 2 years ago

Hi @RikkaW @vvb2060,

As seen in this Google Forum post by the SafetyNet team, Google is set to phase out SafetyNet in the next 2 years, but will instruct developers to transition to Play Integrity starting from now.

Would you be interested in integrating a PR to support Play Integrity as part of YASNAC? I know how to implement it, but I want to know your opinion before I write it.

We will only need to discuss on a separate channel (Telegram?) how we can setup Play Integrity on your Google Play Console app details for Play Store releases/Cloud Console project for GitHub releases.

Please let me know if you are interested!

RikkaW commented 2 years ago

Play Integrity API also has a 10,000 daily quota, just like SafetyNet API. Devs need to fill in a form to request a higher quota. For SafetyNet API, it's possible to use multiple APIs to avoid filling in the form. But for Play Integrity API is impossible. Apps published with my Play developer account are almost all "magic apps" (apps that require adb or root). I'm worried about if filling in the form will trigger some extra reviews on my other apps and making them banned.

Then, I don't think Google will allow the app that decrypt the response locally to get a higher quota, so a server is required.

noraj commented 1 year ago

Here is the discontinuation notice https://developer.android.com/training/safetynet/deprecation-timeline

So there is until June 2023 to move to Play Integrity API.

noraj commented 1 year ago

As an example there is this app doing it https://github.com/1nikolas/play-integrity-checker-app using this server https://github.com/1nikolas/play-integrity-checker-server