Terms of Service and data safety

Before you use or access the Play Integrity API, do the following:

1. Read the Play Integrity API Terms of Service.
2. Understand how the API handles data.

Terms of Service

Last modified: May 20, 2024

1. By using the Play Integrity API, you agree to these terms in addition to the Google APIs Terms of Service ("API ToS"). The Play Integrity API is provided to protect app security and to mitigate abuse, fraud, and unauthorized access.
2. By using the Play Integrity API, your app or SDK will have access to certain features and be granted quota limits based on the eligibility criteria described in the Play Integrity API documentation. Eligibility criteria are subject to change.
   1. Google Play reserves the right to remove feature access and reduce quota if your app or SDK does not meet, or stops meeting, the eligibility criteria.
   2. The approval of additional features or increased quota is non-transferable and will only apply to the specified app or SDK.
3. You may not use the Play Integrity API to fingerprint or track individual users or devices.
4. Google may make changes to these terms at any time with notice and the opportunity to decline further use of the Play Integrity API. Google will post notice of modifications to the terms at https://developer.android.com/google/play/integrity/terms#tos. Changes will not be retroactive.

Data safety

Google Play has a data safety section for developers to disclose their apps' data collection, sharing, and security practices. To help you complete the data safety section requirements, you can use the information below on how the Play Integrity API handles data.

The Play Integrity API is a runtime interface with the Google Play Store. As such, when you use Play Integrity in your app, the Play Store runs its own processes, which include handling data as governed by the Google Play Terms of Service. The information below describes how the Play Integrity API handles data to process specific requests from your app.

Data collected on usage	Always collected: App-provided information in the request including the requestHash and nonce fields App metadata including package name, version number, and signing certificate The app's Google Play license status for the signed in user accounts on the device Device information including a key attestation certificate and a device attestation token generated by Google Play services Only collected when the requesting app is opted in to receiving environment details: App activity information used to determine if apps are running that can capture the screen or control the device Device information used to determine the status of Google Play Protect
Purpose of data collection	The data collected is used to verify the application integrity, the licensing status, environment details, and the device integrity.
Data encryption	Data is encrypted.
Data sharing	Data is not transferred to any third parties.
Data deletion	Data is deleted following a fixed retention period.

While we aim to be as transparent as possible, you are solely responsible for deciding how to respond to Google Play's data safety section form regarding your app's user data collection, sharing, and security practices.