Security & Device Integrity

To ensure the security of our services and protect against fraudulent activity, this SDK integrates the Google Play Integrity API for all Android requests.

Overview

The Play Integrity API helps protect your apps and games from potentially risky and fraudulent interactions. Our SDK automatically handles the generation and transmission of integrity tokens to ensure that the requests arriving at our servers originate from an unmodified version of your app running on a genuine Android device.

How it Works

The SDK follows a transparent, automated flow for every outgoing request:

1. Token Generation: For every network request, the SDK communicates with Google Play Services to obtain a unique, time-bound integrity token.

2. Header Injection: This token is automatically attached to the request header (e.g., X-Play-Integrity).

3. Server-Side Verification: Our backend receives the token and communicates with Google’s servers to verify the device's verdict (checking for rooted devices, emulators, or tampered app binaries).

Key Security Benefits

By using Google Play Integrity, we provide the following protections out of the box:

• Genuine App Binary: Ensures the request is coming from your official app, not a repackaged or modified version.

• Genuine Android Device: Detects if the app is running on a rooted device, an emulator, or a virtual framework that could be used for botting.

• Play Store Verdict: Verifies if the app was officially installed via Google Play.

Developer Requirements

No additional configuration is required on your part. The SDK handles the token lifecycle automatically.