androidfirebasegoogle-cloud-platformfirebase-app-checkgoogle-play-integrity-api

Play Store's Play Integrity vs Firebase App Check Play Integrity


What is the difference between Play Integrity implementation here and the one that is in Firebase documentation, which one should you follow? I also don't understand the one that is in the Play Store documentation as all it did is add the dependency, thus I am assuming that Google Play Services handles it automatically behind the scenes as long as it detects that the app has the Play Integrity dependency.


Solution

  • There is a huge difference between Play Store's Play Integrity and Firebase App Check with Play Integrity. In the case of Play Integrity, you can call the Integrity API at important moments in your app to check that user actions and requests are coming from your unmodified app binary, installed by Google Play, running on a genuine Android device. So it's about Google Play and nothing else.

    On the other hand, Firebase App Check with Play Integrity, helps you protect your API resources from abuse by preventing unauthorized clients from accessing your backend resources. So besides the fact that you should have a Firebase project in the first place, this feature ensures that the calls to your backend originate from your authentic app.