Prevent unauthorised modification and redistribution with automatic protection

Note: The features described on this page are currently only available to select Play Partners.

Google Play's automatic protection is a service that helps you protect your apps and games against integrity abuse in the form of unauthorised modification and redistribution. Automatic protection works in your app without a data connection. It can be turned on with one click in the Play Console, and requires no developer work before testing and no backend server integration.

How it works

Automatic protection adds runtime checks to your app's code to restrict modification and redistribution, and then makes those checks hard to remove with advanced obfuscation and anti-reverse engineering techniques. If the installer check fails, users will be prompted to get your app on Google Play. If the modification check fails, the app will not run. This helps to keep users safe from harmful content that may appear in modified versions of your app.

Automatic protection is designed with the aim of the following:

  • Prevent unauthorised modification: Automatic protection helps guard your app against modification, making it harder to distribute unofficial copies with altered behaviour (such as removing billing, adding ads, changing the ad owner ID or adding malware).
  • Prevent piracy of paid apps: Automatic protection prevents piracy by prompting users who obtain the unmodified Play version of your app through an unofficial source to purchase it on Google Play. This prompt is optional and can be turned off by unticking 'Require installation from Play' on the automatic integrity protection configuration page.
  • Increase users receiving official updates: Automatic protection can prompt users who sideload the unmodified Play version of your app to add it to their Play library to ensure that they can receive the ongoing app updates. This prompt is optional and can be turned off by unticking 'Require installation from Play' on the automatic integrity protection configuration page.
Important: Automatic protection does not guarantee prevention of all cracking, piracy, repackaging and redistribution. Automatic protection makes these actions more complex and costly, and so reduces the likelihood of them being successful. Google Play will continually strengthen automatic protection so new releases of your app will automatically get the latest and strongest version of protection.

Set up automatic protection

The steps below describe what you need to do to start using automatic protections. Click on a section to expand it.

Prerequisites

If you turn on automatic protection for a particular app, Google Play will automatically add protection when you create each release ready for distribution to devices. Protection requires Google Play to create modified APKs and sign them on your behalf, so you must:

Please be aware of the following constraints:

  • Automatic protection is only supported on Android 6.0 Marshmallow (API level 23) and higher. Android M was released in 2015 and as of 2023, targeting a midSDKVersion of 23+ will reach over 97% of active Android devices.
  • Automatic protection supports the following ABIs: x86, x86_64, armeabi-v7a, and arm64-v8a. To update your app's targeted ABIs, update the Gradle settings. Other ABIs that are not used by active Android devices can be removed from your targeting without impacting your app's availability.
  • Automatic protection works offline. However, the 'Require installation from Play' periodically requires a data connection if the Play Store app on the device has been offline for a prolonged period.
  • If your app is already using Play Licensing, you should turn off 'Require installation from Google Play'.
  • When uploading your app to internal app sharing, protection is not applied. Take extra care to only share internal app sharing links with trusted team members and do not share unprotected versions externally.
  • Automatic protection is incompatible with code transparency for app bundles because integrity protection involves modifying the code. App bundles uploaded with code transparency when automatic protection is enabled will be rejected.
  • Instant experiences are not protected. The app bundle in your release tracks must not be instant-enabled to get protection. You can simultaneously upload an app bundle to your release track that gets protection and an instant-enabled app bundle to your instant-only track that doesn't get protection.
Step 1: Turn on protection

Create a release as described in Step 1 of Prepare and roll out a release.

You can either turn on protection when creating a release (as described in Step 2 of Prepare and roll out a release) or you can turn on protection the App integrity page (

Test and release

> App integrity), which contains integrity and signing services that help you ensure that users experience your apps and games in the way that you intend.

When preparing your release, you will see a button that either says Get integrity protection or Manage integrity protection. You can then turn integrity protection on by clicking Yes, turn on under 'Automatic protection'. Google Play will then sign your releases and add integrity protection to restrict tampering and distribution abuse. This means that automatic protection is turned on.

Finish preparing your release and save your changes.

Step 2: Test your protected app

Use each of the test tracks to test the protected app version to ensure there’s no unexpected impact on the user experience or performance.

We recommend including the following actions in your review:

  • Test your game's launch, looking for crash-on-launch and any slow down in start-up time.
  • Test moments where your native code (C/C++) calls back out into Java (in your own code or third-party libraries); for example, ads, logging and social integration, authentication or Android-specific features such as permission handling.

If you find issues during the testing process, you have the option to revert to a previous version of automatic protection that you may have already used in a previous release or you can turn off automatic protection. We recommend that you do not promote unprotected versions to open tracks or production.

To turn off integrity protection for an individual release:

  1. When preparing your release, click Manage integrity protection.
  2. Under 'Automatic protection', select Previous protection or Turn off protection for this release.
  3. Save your changes. The changes will be applied to this release. The next time that you upload a release, the release will receive the latest, strongest version of protection again.
Step 3: Promote your app to the production track

When ready, you can roll your release out to a production track in the Play Console, making your protected app available to all Google Play users in your chosen countries.

Customise your store listing when users visit from integrity protection dialogues

Automatic protection can prompt users who obtain your app unofficially to get it on Google Play. When users tap on the dialogue, they will be redirected to your store listing, where they can tap on the install (or buy or update) button to get your app from Play so that the app is added to the user's Play library.

You can customise your store listing assets for any visitors who tap on integrity protection dialogues, including your app's name, icon, descriptions and graphic assets. To customise your store listing when users visit from an integrity protection dialogue:

  1. Open Play Console and go to the App integrity page (

    Test and release

    > App integrity).
  2. Scroll to the 'Play Integrity API' section.
  3. Click Settings.
  4. Scroll to the 'Customise store listing' section.
  5. Click Create listing.
  6. Follow the instructions on the Create custom store listing page and click Save.

Alternatively, you can create the custom store listings for integrity protection dialogues directly from Custom store listings page:

  1. Open Play Console and go to the Custom store listings page (Grow users > Custom store listings).
  2. Click Create listing, choose whether to create a new listing or duplicate an existing one, and click Next.
  3. In the 'Listing details' section, scroll to Target audience.
  4. Select By URL and enter 'playintegrity' in the text box.
  5. Fill in all other details and click Save.

Tip: The URL parameter 'playintegrity' is a special keyword that's reserved for integrity deeplinks, so it must be entered exactly and unaltered when setting up the custom store listing.

Recommended practices

Do not release unprotected app versions

If you publish unprotected versions to open tracks, or through other channels outside Google Play, your app protection will no longer work. To maintain your app’s integrity protection, you should only publish protected versions of your app to open tracks and production.

Take care when mixing anti-tamper protection solutions

Automatic protection may not be compatible with other runtime anti-tamper solutions, and trying to use them together may result in user issues. If you're already implementing Play licensing in your app, then you should disable 'Require installation from Google Play'. If your app performs other runtime checks, be sure to test your protected app thoroughly for issues before releasing it to open tracks.

Test your protected app

Google Play will automatically deliver protected builds across all tracks: internal testing, closed, open and production. You should test these versions thoroughly as usual.

If you upload your app’s build to internal app sharing directly, Google Play will not add protections. This is to allow you to use internal app sharing to upload debug builds and other similar builds.

When you access an internal app sharing link for a protected app version on App bundle explorer, then the build is shared exactly as it has been processed by Google Play. If that app version was uploaded to a test track and protected, then the internal app sharing link from App bundle explorer will deliver a protected version. You can see the protection status on the Details tab of App bundle explorer.

Monitor crashes

You may notice an increase in crashes that are a function of your app being protected; this is likely to indicate that automatic protection is working as intended. If an attacker unsuccessfully modifies your app, the runtime check will stop your app from running, predominantly by crashing the app.

Crashes that are not attributed to Google Play do not affect your Android vitals stability metrics. If you're using other tools to analyse your crashes, such as Crashlytics, and you need a package name to filter by install source, the package name for the Google Play Store is 'com.android.vending'.

If you're worried about an adverse increase in crashes, please report them to us with as much detail as possible and the team will investigate. We will respond to your report if we determine that the crashes relate to protection.

Report cracked versions of your app

A cracked version is a version of your app that still works when it’s been modified or when it’s been installed outside Google Play if you require Google Play installation.

If you've identified a cracked version of your app, you can report it to us.

Improving anti-tamper protection

Sharing app telemetry, such as anonymised environment and performance data with Google Play helps us improve the resilience and performance of anti-tamper protection. You can opt out of sharing app telemetry by turning off 'Share app telemetry with Google' on the Automatic protection settings page (

Test and release

> App integrity and scroll down to Automatic protection). Learn more about how data is used to develop Google services.

Related content

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
12559147764937555485
true
Search Help Centre
true
true
true
true
true
92637
false
false