Google Play Integrity API behavioral changes

Description: Play Integrity security updates announced in December 2024 recently took effect.  The Play Integrity API has improved its verdicts on Android 13 (API level 33) and later devices, and all apps were automatically transitioned to these new verdicts in May 2025. This means that for devices on Android 13 or later:

• Apps calling the Play Integrity API must have been installed, or updated, by Google Play.
• The MEETS_STRONG_INTEGRITY verdict now requires the device to have a security update installed that has been released within the last year.

Please see this guide for details on other changes made as part of this transition.

 

Impact:

• Devices enrolled via QR Code, Zero Touch, and/or NFC may not recognize the management app as having been installed by Google Play. So the management app would no longer be receiving integrity verdicts from the Play Integrity API.
• Devices that do not have a security update from the last 12 months will no longer receive a MEETS_STRONG_INTEGRITY verdict.

 

Mitigation:

• We’ve updated the Play Integrity policy to consider verified management apps as having been installed by Google Play regardless of enrollment method.
• Leveraging the MEETS_DEVICE_INTEGRITY verdict, which does not take into account security patch level, alongside the MEETS_STONG_INTEGRITY verdict can provide a better picture of the device’s current state. 

 

Please refer to your EMM for further details on how this may impact your deployment.