Note: The features described on this page are currently only available to select Play partners.
Package name protection is a service that performs integrity checks when apps are installed, from any source, on Android devices powered by Google Play services. By nominating install requirements whenever an app is installed using your package name, you can reduce installs of unknown, modified, and potentially harmful versions of your app.
How it works
On devices running Android 11 (API level 30) and above, Google Play services can update a list of package names protected by package name protection, along with their install requirements. During each app installation, the Android platform checks whether the package name of the app being installed matches the list of protected apps and, if it does, that the install-time requirements are met. The integrity checks happen whether the device is online or offline.
If users try to install an app that is denied because of install requirements, the Android platform generates an INSTALL_FAILED_VERIFICATION_FAILURE, which is interpreted and displayed in the UI based on the specific installer or as an error message during sideloading.
By setting install requirements for your app, you can:
- Prevent installs of unknown versions of your app: By requiring that your app must be installed with your official signing certificate, you can protect users from unknown and unofficial re-signed versions of your app. These unknown versions may have been altered and repackaged with malware, additional ads, an altered ad owner ID, or the billing library removed.
- Reduce unauthorized installs: By requiring one or more of the optional install requirements possible with package name protection, you can reduce installation of your app through unofficial distribution channels. This may encourage users to seek out your official app through your chosen distribution channels where they are more likely to receive official updates and support.
No other developer action is required after submitting install requirements. You don’t need to make any changes to your app’s distribution settings or your app’s code.
Request package name protection
Before requesting package name protection, review the following important considerations:
- Integrity checks are performed on all installations on Android mobile devices powered by Google Play services running Android 11 (API level 30) and above. Package name protection can't protect app installs on modded or rooted Android devices.
- To avoid disruption to development and testing, you can either submit development signing certificates as allowed signing certificates or you can use internal app sharing to install your test builds (because internal app sharing installs are allowed).
- New, updated, or removed install requirements take time to propagate to devices. They can take up to two weeks to be pushed and they are received by devices at different times depending on each device’s update settings and access to data and Wi-Fi. Google Play services retries multiple times to update the requirements if they can't be propagated initially.
- Attackers may rename and re-sign an app to circumvent install-time protection. Developers should consider using runtime anti-tamper protection in their app, such as Google Play’s automatic integrity protection, to make it harder for attackers to do this.
To use package name protection, you must provide a list of signing certificates that are allowed with your app’s package name (including any debug certificates to ensure you can continue testing). When your app is installed with one of your signing certificates, the install proceeds as normal. When your app has an unknown signing certificate, the install fails with an install verification error.
Important: Remember to provide all allowed signing certificates used for your app. If any authorized app stores re-sign your app, be sure to include those signing certificates in your allowed list.
You also have two optional install requirements:
- You can require that your package name must never be installed using adb. This ensures installs of your app are always through an installer app such as an app store.
- You can require that your app must always be pre-installed. In other words, the app cannot be a fresh install.
For new apps, package name protection applies for all version numbers. For existing apps, protection is applied from the version number you specify.
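A simplified model of the install-time decision described above, as an added example (not Google's implementation and not code from this page): it dry-runs the install paths you depend on against a draft rule so you can see which ones would fail before you submit the form. The rule fields, the `NOT_COVERED` and `ALLOWED` labels, the package name, and the certificate bytes are assumptions constructed for illustration, as is the reading that versions below the specified version are not checked.

```python
import hashlib
from dataclasses import dataclass

FAIL = "INSTALL_FAILED_VERIFICATION_FAILURE"

@dataclass(frozen=True)
class Rule:  # hypothetical shape; the request form's real fields may differ
    package: str
    allowed_certs: frozenset       # SHA-256 digests of every allowed signing cert
    deny_adb: bool = False         # optional: never installed using adb
    preinstall_only: bool = False  # optional: fresh installs are refused
    from_version: int = 0          # existing apps: protected from this version

@dataclass(frozen=True)
class Install:  # one install path you depend on
    label: str
    package: str
    version: int
    cert: str
    via_adb: bool = False
    preinstalled: bool = False     # app already shipped on the device

def evaluate(rule: Rule, inst: Install) -> str:
    # Only the protected package name, from the specified version, is checked.
    if inst.package != rule.package or inst.version < rule.from_version:
        return "NOT_COVERED"
    if (inst.cert not in rule.allowed_certs
            or (rule.deny_adb and inst.via_adb)
            or (rule.preinstall_only and not inst.preinstalled)):
        return FAIL
    return "ALLOWED"

def audit(rule, installs):
    return {i.label: evaluate(rule, i) for i in installs}

# Constructed sample data: certificate bytes and package names are placeholders.
RELEASE, DEBUG, STORE = (hashlib.sha256(c).hexdigest() for c in (b"rel", b"dbg", b"store"))
RULE = Rule("com.example.app", frozenset({RELEASE}), deny_adb=True, from_version=100)
INSTALLS = [
    Install("store release", "com.example.app", 120, RELEASE),
    Install("debug via adb", "com.example.app", 121, DEBUG, via_adb=True),
    Install("release via adb", "com.example.app", 120, RELEASE, via_adb=True),
    Install("partner re-signed", "com.example.app", 120, STORE),
    Install("old version", "com.example.app", 90, DEBUG),
    Install("renamed package", "com.example.app.mod", 120, DEBUG),
]

if __name__ == "__main__":
    print("\n".join(f"{k:18} {v}" for k, v in audit(RULE, INSTALLS).items()))
```

With this draft rule the debug build and the partner store's re-signed build both fail, which is the disruption the considerations above warn about; the renamed package is not covered at all.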
To join the package name protection early access (EAP) with install requirements for your app, complete the package name protection request form with all the required information.
Changes or leaving package name protection
To make changes to a previously provided rule you can resubmit the form, contact your partner manager, or contact developer support. To leave the early access program and disable package name protection for your app, contact your partner manager or developer support. Note that removed install requirements take time to propagate to devices.
Combine package name protection with runtime protection
Attackers may change your app’s package name before re-signing it. As such, you should consider adding runtime anti-tamper protection in your app, such as Google Play’s automatic integrity protection, to make it harder for attackers to circumvent package name protection. In online apps and games, you can check for application integrity at runtime using the Play Integrity API.
Exclude untrustworthy devices from Google Play distribution
You can prevent your app from being available to install from Google Play on devices that don’t pass integrity checks. This option prevents unknown and untrustworthy devices from downloading the app from Google Play. Note that, if the user has access to one or more of your APK files, they may try to install your app locally on their device.
To change the device exclusion setting in Play Console:
- Open Play Console and go to the Device catalog page (Release > Reach and devices > Device catalog).
- Select the Excluded devices filter option, and click Manage exclusion rules.
- On the Device exclusion rules page, choose whether or not you want to exclude devices from your app’s distribution based on their Integrity API response where it currently says "SafetyNet attestation API." Excluded devices won’t be able to see or install your app on Google Play.
- Save your changes.
- Learn more about the Play Integrity API on the Android Developers site.
- Learn how to restrict unauthorized modification and redistribution with automatic integrity protection.