Play Integrity & Device Attestation Guide
Device attestation APIs verify that an app is running on a genuine, unmodified device. Google's Play Integrity API (successor to SafetyNet Attestation) is the standard for Android device verification.
What Is Play Integrity?
Play Integrity API provides cryptographic attestation that:
- The app binary hasn't been tampered with
- The device is running a genuine Android build
- The app was installed from Google Play Store
- The device meets basic security requirements
Play Integrity vs SafetyNet
| Feature | Play Integrity | SafetyNet (deprecated) |
|---|---|---|
| Status | Active | Deprecated (June 2024) |
| Verdict types | Device, App, Account | Basic, CTS Profile |
| Integration | Play Services SDK | Play Services SDK |
| Token format | JSON Web Token | JWS |
REGHelp Integrity API
Generate Play Integrity tokens for testing without requiring physical devices:
GET https://api.reghelp.net/integrity/getToken?apiKey=YOUR_KEY&appName=tg&appDevice=Android&nonce=abc123xyz&appVersionCode=85101930
Required query parameters
| Parameter | Type | Description |
|---|---|---|
apiKey | string | Your REGHelp API key |
appName | string | App slug supported by the service (e.g. tg, whatsapp) |
appDevice | string | Android, iOS or Huawei (case-insensitive) |
nonce | string | Base64URL nonce, 16–500 chars, passed back inside the verdict |
appVersionCode | int | Mandatory. Target APK versionCode (e.g. Telegram 85101930). Must match the build you'll attest in production — Play Integrity rejects tokens whose versionCode differs from the signed APK. |
type | string | Optional. Pass std for the Standard (Express) flow; classic is the default |
webHook | url | Optional callback for terminal status |
Find the right appVersionCode either:
- inside the APK you ship:
aapt dump badging app.apk | grep versionCode - from the APKMirror page of your target build
Then poll /integrity/getStatus?apiKey=YOUR_KEY&id=TASK_ID until status: "done".
Use Cases
- App development — test integrity check flows during development
- QA automation — include device attestation in automated test suites
- Security research — study how integrity verification works
- Monitoring — verify your integrity checks are functioning correctly
