Open non-bin opened 10 months ago
This is a really cool idea! The Play Integrity API sadly doesn't really use an API Key. You have to create a project in the Google Play Console and upload an APK there. Then Google knows this App belongs to this project and limits the amount of API requests to 10.000. If someone wants to host the app with their own limits you would need an Google Play Developer Account (costs 25€ if I remember correctly), create the project there, upload the APK and then your own rate limiting would apply. But I have plans to rate limit the amount of requests in my app per user and then maybe a request a day in the background would actually work without exceeding the 10.000 requests
Does that mean to test a version of the app, you have to do it load it through the play store? I was going to say I'd have a look at implementing scheduled tests over Christmas when I have some time, but that would be more hassle than it's worth
It was quite some time ago when I created the app but if I remember correctly there only has to be one version of the app available at the google Play Console so Google can map the App to a Play Console Project. I think Google uses something like the package name of the app or something similar which is unique to determine the corresponding Play Console Project and make the Integrity request. If you change some code and build a new version the request still works but in the integrity verdict the field app recognition verdict
shows UNRECOGNIZED_VERSION
which makes sense as this specific version is unknown to google but the request works as normal.
If you are motivated to implement some sort of scheduling over the holidays feel free to do soo! I am very happy about contributions to the project :)
Feature request
I'd love to have the app automatically run a test every morning (and maybe through the day too) and send a notification if it fails (option to say if strong is required, or if device integrity is ok)
Maybe only allow this feature with a user API key