Introduce Play Integrity API Canonical Sample App #124
Code Review
This pull request introduces a sample application demonstrating Play Integrity API integration for banking, streaming, and gaming use cases, including both Android client and Node.js server components. The review identifies several technical issues and improvement opportunities: the need for deterministic JSON serialization to ensure consistent content binding hashes, the use of monotonic clocks instead of wall clocks for game timing, and the adoption of BigDecimal for financial precision. Further feedback suggests centralizing SDK versions and UI colors, implementing session cleanup on the server to prevent memory leaks, and disabling application backups to align with security best practices.
Adds a full-stack Canonical Sample App for the Play Integrity API (PIA). This blueprint demystifies integration complexities between frontend and backend systems, providing developers with a production-ready foundation.

Architecture highlights:
- Android Client: Kotlin and Jetpack Compose, adhering to MAD best practices with a feature-based multi-module UDF approach.
- Node.js Backend: Express.js server using a three-tier architecture, kept intentionally stateless to focus strictly on PIA integration.

Includes three isolated micro-app scenarios:
- Bank (High-value action): Demonstrates secure data transmission, payload hashing for content binding, and user remediation dialogs.
- Streaming (Server-side resource): Showcases a tiered trust strategy that dynamically modifies DASH XML manifests to adjust ExoPlayer video resolutions based on integrity verdicts.
- Game (Session environment): Uses advanced environment signals in a real-time rhythm game to counter TOCTOU exploits, requiring periodic checks to block screen capturing, accessibility misuse, and malware.

Includes comprehensive end-to-end setup guides and dedicated READMEs detailing the security theory and integration steps for each scenario.
Update top-level README.md for PlayIntegrityAPI and add PlayIntegrity…
…API top-level README.md.
robclifford27
Approved addition of Play Integrity API sample
Overview
This PR introduces the Play Integrity API Canonical Sample App to the repository. Many developers currently find integrating the API difficult due to backend-frontend coordination complexities and the steep learning curve of advanced features. This open-source, full-stack project serves as a best-practice blueprint to demystify the integration process and provide a tangible foundation for a production-ready setup.
Architecture Summary
To ensure architectural symmetry and educational clarity, this sample uses a full-stack approach:
Included Micro-Apps
Rather than basic code snippets, the integration is demonstrated through three isolated, self-contained micro-app scenarios:
Setup & Documentation
A follow-up PR will include the setup guide and project documentation.