SPIC (Simple Play Integrity Checker) is an open-source Android application designed to demonstrate the implementation and usage of both the Play Integrity API and the deprecated SafetyNet Attestation API. This tool enables developers to assess app integrity by retrieving and analyzing integrity verdicts, which help detect potentially unsafe devices or tampered app environments.
The app supports two modes of verification: local and remote. In local mode, the integrity response is checked directly on the device, allowing for immediate feedback. For enhanced security, the integrity token can also be sent to a self-hosted backend server where it undergoes proper cryptographic validation. This remote validation method is recommended to prevent bypass attempts and ensure robust security practices.
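How a backend might evaluate the verdict in the remote mode described above, as an added example that is not taken from SPIC-server or the original page. It assumes the token has already been decrypted and verified into the Play Integrity verdict JSON for a classic (nonce-based) request; `evaluate_verdict`, the sample package name, the nonce and the two-minute freshness window are hypothetical.

```python
import hmac
import time

# Constructed sample: verdict payload as it looks after the server has decrypted
# and verified the token (that step is assumed done and is not shown here).
SAMPLE_VERDICT = {
    "requestDetails": {
        "requestPackageName": "com.example.app",
        "timestampMillis": "1700000000000",
        "nonce": "c2VydmVyLWlzc3VlZC1ub25jZQ",
    },
    "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED",
                     "packageName": "com.example.app"},
    "deviceIntegrity": {"deviceRecognitionVerdict": ["MEETS_DEVICE_INTEGRITY"]},
}

def evaluate_verdict(verdict, expected_nonce, expected_package,
                     now_ms=None, max_age_ms=120_000):
    """Return a list of failure reasons; an empty list means the verdict is accepted."""
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    failures = []
    req = verdict.get("requestDetails") or {}
    app = verdict.get("appIntegrity") or {}
    dev = verdict.get("deviceIntegrity") or {}

    # The nonce must be the one this server issued for this request (replay protection).
    got_nonce = str(req.get("nonce", "")).encode()
    if not hmac.compare_digest(got_nonce, expected_nonce.encode()):
        failures.append("nonce_mismatch")
    # The token must have been requested by the app the server expects.
    if req.get("requestPackageName") != expected_package:
        failures.append("package_mismatch")
    # Reject tokens that are old, dated in the future, or carry no usable timestamp.
    try:
        age = now_ms - int(req.get("timestampMillis"))
    except (TypeError, ValueError):
        age = None
    if age is None or age < 0 or age > max_age_ms:
        failures.append("stale_or_invalid_timestamp")
    if app.get("appRecognitionVerdict") != "PLAY_RECOGNIZED":
        failures.append("app_not_recognized")
    if "MEETS_DEVICE_INTEGRITY" not in (dev.get("deviceRecognitionVerdict") or []):
        failures.append("device_integrity_not_met")
    return failures
```

Because the expected nonce and package name live only on the server, a client that alters or replays a response cannot make these checks pass, which is the gap left by on-device evaluation.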
Complete source code for both the Android client and the accompanying server implementation is publicly available on GitHub under the repositories /herzhenr/SPIC-android and /herzhenr/SPIC-server. Developers can use these resources to study best practices for integrating Play Integrity and SafetyNet Attestation APIs, even though SafetyNet is now deprecated and fully replaced by the Play Integrity API.