Retour aux articles
Sécurité

Play Integrity API en 2026 : Génération de Tokens pour Création de Comptes Android

À l'intérieur de Play Integrity API en 2026 : comment les tokens d'attestation sont générés pour la création de comptes sur TikTok, Instagram, Telegram, WhatsApp, Snapchat, Discord, VK et toute app Android. Pourquoi SafetyNet a échoué et coûts d'intégration.

REGHelp TeamPublié: 03/03/2026Mis à jour: 04/03/202611 min de lecture

Play Integrity & Device Attestation Guide

Device attestation APIs verify that an app is running on a genuine, unmodified device. Google's Play Integrity API (successor to SafetyNet Attestation) is the standard for Android device verification.

What Is Play Integrity?

Play Integrity API provides cryptographic attestation that:

  • The app binary hasn't been tampered with
  • The device is running a genuine Android build
  • The app was installed from Google Play Store
  • The device meets basic security requirements

Play Integrity vs SafetyNet

FeaturePlay IntegritySafetyNet (deprecated)
StatusActiveDeprecated (June 2024)
Verdict typesDevice, App, AccountBasic, CTS Profile
IntegrationPlay Services SDKPlay Services SDK
Token formatJSON Web TokenJWS

REGHelp Integrity API

Generate Play Integrity tokens for test applications without requiring physical devices:

curl -X POST https://api.reghelp.net/v2/integrity/tokens -H "X-API-Key: YOUR_KEY" -H "Content-Type: application/json" -d '{"appName":"tg","mode":"standard","requestHash":"order:12345"}'

Request body

ParameterTypeDescription
appNamestringApp slug supported by the service (e.g. tg, whatsapp)
modestringstandard (default) or classic
requestHashstringRequired only for Standard; up to 500 UTF-8 bytes
noncestringRequired only for Classic; Base64URL without line wrapping, 16–500 chars
webHookurlOptional callback for terminal status

Send the API key in X-API-Key. Package name, cloud project number, certificate and current APK versionCode are resolved by the server from its application registry. Standard rejects nonce; Classic rejects requestHash.

Then poll GET /v2/integrity/tokens/TASK_ID with the same X-API-Key header until status: "done".

Use Cases

  • App development — test integrity check flows during development
  • QA automation — include device attestation in automated test suites
  • Security research — study how integrity verification works
  • Monitoring — verify your integrity checks are functioning correctly