Google Play Integrity

Go to URL https://console.developers.google.com/
Create a new Project and set name of you project.

Choose ‘API’s & Services’ option from side bar.
In API’s & Services > Dashboard > Choose ‘Enable APIS AND SERVICES’.

This will redirect to ‘Library’ we need to search ‘Google Play Integrity API’.

Click on Google Play Integrity API and enable it.
If the application usage is high, the quota request form needs to be submitted. Please fill quota request form from below site. Also select below options.
https://support.google.com/googleplay/android-developer/contact/piaqr
Quota request - Estimated total queries per day * -> The approximate load, Play Integrity API is called once each time the app in opened
Quota request - Estimated peak queries per second -> Leave blank
To enable Play Integrity responses please follow below steps-
Go to Google Play Console->Side Menu->App Integrity
Click on Settings.
Click on Link project and then link your existing google cloud project. If it is not created then create new and link the same.

i. Scroll down on the same screen and click on Change Responses.
Enable the Meet basic Integrity option and save the changes.

Scroll down on the same screen and click on Edit button of classic requests section.
In the window that appears, select Manage and download my response encryption keys and follow below steps to generate response encryption keys-Create a new private-public key pair. RSA key size must be 2048 bits using below command-
- Create a new private-public key pair. RSA key size must be 2048 bits using below command-
- openssl genrsa -aes128 -out your_path/private.pem 2048
  Then use your password phrase for creating private.pem and also use the same password for verifying the private.pem. Then hit the below command.
  openssl rsa -in your_path/private.pem -pubout -out your_path/public.pem
  Enter the same password which you have used while creating private.pem. These two files will now appear on your mentioned path. Then upload the public.pem file on the window which was appeared after clicking on Manage and download my response encryption keys option.Once you upload the public.pem file it will automatically download your_app_pkg_name.enc file. Then hit below command as,
  openssl rsautl -decrypt -oaep -inkey your_path/private.pem -in your_app_pkg_name.enc -out your_path/api_keys.txt
  Enter the password for private.pem. It will create api_keys.txt file on your path. It must be consist of VERIFICATION_KEY and DECRYPTION_KEY.
- Maintain this VERIFICATION_KEY and DECRYPTION_KEY in DIGX_FW_CONFIG_ALL_B table corresponding to the following keys respectively:
- PLAY_INTEGRITY_ENCRYPTION_KEY and PLAY_INTEGRITY_DECRYPTION_KEY
- An example query will be:
- update DIGX_FW_CONFIG_ALL_B set prop_value = 'YOUR_DECRYPTION_KEY' where prop_id = 'PLAY_INTEGRITY_DECRYPTION_KEY';
- update DIGX_FW_CONFIG_ALL_B set prop_value = 'YOUR_ENCRYPTION_KEY' where prop_id = 'PLAY_INTEGRITY_ENCRYPTION_KEY';
- Similarly,Obtain the same keys for authenticator app by using above steps and then maintain those in DIGX_FW_CONFIG_ALL_B table corresponding to the following keys respectively:
- PLAY_INTEGRITY_ENCRYPTION_KEY_AUTHENTICATOR and
- PLAY_INTEGRITY_DECRYPTION_KEY_AUTHENTICATOR
- An example query will be:
- update DIGX_FW_CONFIG_ALL_B set prop_value = 'YOUR_DECRYPTION_KEY' where prop_id = 'PLAY_INTEGRITY_DECRYPTION_KEY_AUTHENTICATOR';
- update DIGX_FW_CONFIG_ALL_B set prop_value = 'YOUR_ENCRYPTION_KEY' where prop_id = 'PLAY_INTEGRITY_ENCRYPTION_KEY_AUTHENTICATOR';
Add project number in below property of app.properties
<string name="GOOGLE_CLOUD_PROJECT_NO">@@GOOGLE_CLOUD_PROJECT NO</string>
You will get the project number on google cloud console project
Mention the time in seconds to which app can hit the play integrity api. By default it is 300seconds but you can configure as per the requirement. Please use below property in RootCheckFlags.java(workspace_installer/zigbank/platforms/android/app/src/main/java/com/ofss/digx/mobile/android/)
long playIntegrityAPICallTime = your_time_in_seconds;

Back