How it works
Automatic protection can add the following features to your app:
Automatic protection can add Google Play installer checks to your app’s code that happen at runtime when your app is opened. If the installer checks fail, users will be prompted to get your app on Google Play.
Benefits: This helps more users to get your official app updates from Google Play.
Note: This feature is only available to select Play partners.
Automatic protection can add runtime checks to your app’s code to detect modification and use advanced obfuscation techniques to prevent the checks from being removed or reverse engineered. If the checks fail, the user will be prompted to get your app on Google Play or the app will not run.
Benefits: When combined with Google Play installer checks, anti-tamper protection prevents attackers from bypassing your distribution or monetization preferences through unauthorized modification, repackaging, redistribution, and piracy.
Note: Anti-tamper protection cannot guarantee prevention of all modification and redistribution. It makes these actions more complex and costly, and so reduces the likelihood of them being successful. Google Play will continually strengthen anti-tamper protection so that new releases will automatically get the latest and strongest version of protection.
Sharing app telemetry, such as anonymized environment and performance data with Google Play helps us improve the resilience and performance of anti-tamper protection. You can opt out of sharing app telemetry by turning off 'Share app telemetry with Google' on the Automatic protection settings page (Test and release > App integrity and scroll down to Automatic protection). Learn more about how data is used to develop Google services.
Set up
The steps below describe what you need to do to start using automatic protections.
Automatic protection requires Google Play to create modified APKs and sign them on your behalf, so you must:
- Use Play App Signing.
- Publish with Android App Bundles.
Please also be aware of the following:
- Automatic protection requires your app to target a minimum API level of 21 or higher.
- Automatic protection works offline. However, installer checks periodically require a data connection if the Play Store app on the device has been offline for a prolonged period.
- Automatic protection replaces the need to use the Play Licensing library.
- When uploading your app to internal app sharing, protection is not applied. Only share internal app sharing links with trusted team members and do not share unprotected versions externally.
- Automatic protection is incompatible with code transparency for app bundles.
Additional prerequisites for anti-tamper protection
Note: This feature is only available to select Play partners.
To use anti-tamper protection, your app must:
- Target a minimum API level of API level 23 or higher. Targeting a midSDKVersion of 23+ will reach over 99% of active Android devices.
- Target one of the following ABIs: x86, x86_64, armeabi-v7a, and arm64-v8a. To update your app's targeted ABIs, update the Gradle settings. Other ABIs that are not used by active Android devices can be removed from your targeting without impacting your app's availability.
Create a release as described in Step 1 of Prepare and roll out a release.
You can either turn on protection when creating a release (as described in Step 2 of Prepare and roll out a release) or you can turn on protection on the App integrity page (Test and release > App integrity), which contains integrity and signing services that help you ensure that users experience your apps and games in the way you intend.
When preparing your release, you will see a button that either says Get integrity protection or Manage integrity protection. You can then turn integrity protection on by clicking Yes, turn on under "Automatic protection." Google Play will then sign your releases and add integrity protection to restrict tampering and distribution abuse. This means that automatic protection is turned on.
Finish preparing your release and save your changes.
Use each of the test tracks to test the protected app version to ensure there’s no unexpected impact on the user experience or performance.
We recommend including the following actions in your review:
- Test your game's launch, looking for crash-on-launch and any slow down in startup time.
If you find issues during the testing process, you have the option to turn off automatic protection. We recommend that you do not promote unprotected versions to open tracks or production.
To turn off integrity protection for an individual release:
- When preparing your release, click Manage integrity protection.
- Under "Automatic protection," select Previous protection or Turn off protection for this release.
- Save your changes. The changes will be applied to this release. The next time you upload a release, the release will receive the latest, strongest version of protection again.
When ready, you can roll your release out to a production track in the Play Console, making your protected app available to all Google Play users in your chosen countries.
Customize your store listing when users visit from automatic protection prompts
Automatic protection can prompt users who obtain your app unofficially to get it on Google Play. When users tap on the prompt, they will be redirected to your store listing, where they can tap on the install (or buy or update) button to get your app from Play so that the app is added to the user’s Play library.
You can customize your store listing assets for any visitors who tap on the prompt, including your app’s name, icon, descriptions, and graphic assets. To do so:
- Open Play Console and go to the App integrity page (Test and release > App integrity).
- Scroll to the "Automatic protection" section.
- Click Settings.
- Scroll to the "Customize store listing" section.
- Click Create listing.
- Follow the instructions on the Create custom store listing page and click Save.
Alternatively, you can create the custom store listings for automatic protection prompts directly from Custom store listings page:
- Open Play Console and go to the Custom store listings page (Grow users > Custom Store Listings).
- Click Create listing, choose whether to create a new listing or duplicate an existing one, and click Next.
- In the "Listing details" section, scroll to Target audience.
- Select By URL and enter ‘playintegrity’ in the text box.
- Fill in all other details and click Save.
Tip: The URL parameter ‘playintegrity’ is a special keyword that’s reserved for integrity deeplinks, so it must be entered exactly and unaltered when setting up the custom store listing.
Recommended practices for anti-tamper protection
Note: This feature is only available to select Play partners.
Follow these recommended practices to get the most out of Google Play’s anti-tamper protection:
Automatic protection may not be compatible with other runtime anti-tamper solutions, and trying to use them together may result in user issues. If your app performs other runtime checks, be sure to test your protected app thoroughly for issues before releasing it to open tracks.
If you publish unprotected versions to open tracks, or through other channels outside Google Play, your app protection will no longer work. To maintain your app’s integrity protection, you should only publish protected versions of your app to open tracks and production.
Google Play will automatically deliver protected builds across all tracks: internal testing, closed, open, and production. You should test these versions thoroughly as usual. In particular:
- Test your game's launch, looking for crash-on-launch and any slow down in startup time.
- Test moments where your native code (C/C++) calls back out into Java (in your own code or third-party libraries), such as ads, logging, and social integration, authentication, or Android-specific features such as permission handling.
If you find issues during the testing process, you have the option to revert to a previous version of automatic protection that you may have already used in a previous release or you can turn off automatic protection. We recommend that you do not promote unprotected versions to open tracks or production.
If you upload your app’s build to internal app sharing directly, Google Play will not add protections. This is to allow you to use internal app sharing to upload debug builds and other similar builds.
You may notice an increase in crashes that are a function of your app being protected; this is likely to indicate that automatic protection is working as intended. If an attacker unsuccessfully modifies your app, the runtime check will stop your app from running, predominantly by crashing the app.
Crashes that are not attributed to Google Play do not affect your Android vitals stability metrics. If you’re using other tools to analyze your crashes, such as Crashlytics, and you need a package name to filter by install source, the package name for the Google Play Store is "com.android.vending".
If you're worried about an adverse increase in crashes, you can report them to us with as much detail as possible and the team will investigate. We will respond to your report if we determine that the crashes relate to protection.
A cracked version is a version of your app that still works when it’s been modified or when it’s been installed outside Google Play if you require Google Play installation.
If you’ve identified a cracked version of your app, you can report it to us.
Related content
- Learn about integrity and signing services in Play Console.
- Learn about integrity and signing services on the Android developers site.