Terms of Service and data safety

Before you use or access the Play Integrity API, do the following:

  1. Read the Play Integrity API Terms of Service.
  2. Understand how the API handles data.

Terms of Service

Last modified: January 26, 2022

  1. By using the Play Integrity API, you agree to these terms in addition to the Google APIs Terms of Service ("API ToS"). If these terms are ever in conflict, these terms will take precedence over the API ToS. Please read these terms and the API ToS carefully.
  2. For purposes of these terms, "APIs" means Google's APIs, other developer services, and associated software, including any Redistributable Code.
  3. "Redistributable Code" means Google-provided object code or header files that call the APIs.
  4. Subject to these terms and the terms of the API ToS, you may copy and distribute Redistributable Code solely for inclusion as part of your API Client. Google and its licensors own all right, title and interest, including any and all intellectual property and other proprietary rights, in and to Redistributable Code. You will not modify, translate, or create derivative works of Redistributable Code.
  5. Google may make changes to these terms at any time with notice and the opportunity to decline further use of the Play Integrity API. Google will post notice of modifications to the terms at https://developer.android.com/google/play/integrity/terms#tos. Changes will not be retroactive.

Data safety

Google Play has a data safety section for developers to disclose their apps' data collection, sharing, and security practices. To help you complete the data safety section requirements, you can use the information below on how the Play Integrity API handles data.

The Play Integrity API is a runtime interface with the Google Play Store. As such, when you use Play Integrity in your app, the Play Store runs its own processes, which include handling data as governed by the Google Play Terms of Service. The information below describes how the Play Integrity API handles data to process specific requests from your app.

Data collected on usage

App-provided information in the request (in the requestHash and nonce fields)

Application metadata (package name, version number, and signing certificate)

A device attestation token generated by Google Play services

Purpose of data collection

The data collected is used to verify the application integrity, the licensing status, and the device integrity.

Data encryption

Data is encrypted.

Data sharing

Data is not transferred to any third parties.

Data deletion

Data is deleted following a fixed retention period.

While we aim to be as transparent as possible, you are solely responsible for deciding how to respond to Google Play's data safety section form regarding your app's user data collection, sharing, and security practices.