Volver a todos los artículos
Seguridad

Play Integrity API en 2026: Generación de Tokens para Registro de Cuentas Android

Dentro de Play Integrity API en 2026: cómo se generan tokens de attestación para registro de cuentas en TikTok, Instagram, Telegram, WhatsApp, Snapchat, Discord, VK y cualquier app Android. Por qué SafetyNet falló y costes de integración.

REGHelp TeamPublicado: 3/3/2026Actualizado: 4/3/202611 min de lectura

Play Integrity & Device Attestation Guide

Device attestation APIs verify that an app is running on a genuine, unmodified device. Google's Play Integrity API (successor to SafetyNet Attestation) is the standard for Android device verification.

What Is Play Integrity?

Play Integrity API provides cryptographic attestation that:

  • The app binary hasn't been tampered with
  • The device is running a genuine Android build
  • The app was installed from Google Play Store
  • The device meets basic security requirements

Play Integrity vs SafetyNet

FeaturePlay IntegritySafetyNet (deprecated)
StatusActiveDeprecated (June 2024)
Verdict typesDevice, App, AccountBasic, CTS Profile
IntegrationPlay Services SDKPlay Services SDK
Token formatJSON Web TokenJWS

REGHelp Integrity API

Generate Play Integrity tokens for test applications without requiring physical devices:

curl -X POST https://api.reghelp.net/v2/integrity/tokens -H "X-API-Key: YOUR_KEY" -H "Content-Type: application/json" -d '{"appName":"tg","mode":"standard","requestHash":"order:12345"}'

Request body

ParameterTypeDescription
appNamestringApp slug supported by the service (e.g. tg, whatsapp)
modestringstandard (default) or classic
requestHashstringRequired only for Standard; up to 500 UTF-8 bytes
noncestringRequired only for Classic; Base64URL without line wrapping, 16–500 chars
webHookurlOptional callback for terminal status

Send the API key in X-API-Key. Package name, cloud project number, certificate and current APK versionCode are resolved by the server from its application registry. Standard rejects nonce; Classic rejects requestHash.

Then poll GET /v2/integrity/tokens/TASK_ID with the same X-API-Key header until status: "done".

Use Cases

  • App development — test integrity check flows during development
  • QA automation — include device attestation in automated test suites
  • Security research — study how integrity verification works
  • Monitoring — verify your integrity checks are functioning correctly