├── .gitignore ├── 404.json ├── LICENSE ├── README.md ├── api └── check.js ├── package.json └── vercel.json /.gitignore: -------------------------------------------------------------------------------- 1 | # Logs 2 | logs 3 | *.log 4 | npm-debug.log* 5 | yarn-debug.log* 6 | yarn-error.log* 7 | lerna-debug.log* 8 | 9 | # Diagnostic reports (https://nodejs.org/api/report.html) 10 | report.[0-9]*.[0-9]*.[0-9]*.[0-9]*.json 11 | 12 | # Runtime data 13 | pids 14 | *.pid 15 | *.seed 16 | *.pid.lock 17 | 18 | # Directory for instrumented libs generated by jscoverage/JSCover 19 | lib-cov 20 | 21 | # Coverage directory used by tools like istanbul 22 | coverage 23 | *.lcov 24 | 25 | # nyc test coverage 26 | .nyc_output 27 | 28 | # Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files) 29 | .grunt 30 | 31 | # Bower dependency directory (https://bower.io/) 32 | bower_components 33 | 34 | # node-waf configuration 35 | .lock-wscript 36 | 37 | # Compiled binary addons (https://nodejs.org/api/addons.html) 38 | build/Release 39 | 40 | # Dependency directories 41 | node_modules/ 42 | jspm_packages/ 43 | 44 | # TypeScript v1 declaration files 45 | typings/ 46 | 47 | # TypeScript cache 48 | *.tsbuildinfo 49 | 50 | # Optional npm cache directory 51 | .npm 52 | 53 | # Optional eslint cache 54 | .eslintcache 55 | 56 | # Microbundle cache 57 | .rpt2_cache/ 58 | .rts2_cache_cjs/ 59 | .rts2_cache_es/ 60 | .rts2_cache_umd/ 61 | 62 | # Optional REPL history 63 | .node_repl_history 64 | 65 | # Output of 'npm pack' 66 | *.tgz 67 | 68 | # Yarn Integrity file 69 | .yarn-integrity 70 | 71 | # dotenv environment variables file 72 | .env 73 | .env.test 74 | 75 | # parcel-bundler cache (https://parceljs.org/) 76 | .cache 77 | 78 | # Next.js build output 79 | .next 80 | 81 | # Nuxt.js build / generate output 82 | .nuxt 83 | dist 84 | 85 | # Gatsby files 86 | .cache/ 87 | # Comment in the public line in if your project uses Gatsby and *not* Next.js 88 | # https://nextjs.org/blog/next-9-1#public-directory-support 89 | # public 90 | 91 | # vuepress build output 92 | .vuepress/dist 93 | 94 | # Serverless directories 95 | .serverless/ 96 | 97 | # FuseBox cache 98 | .fusebox/ 99 | 100 | # DynamoDB Local files 101 | .dynamodb/ 102 | 103 | # TernJS port file 104 | .tern-port 105 | .vercel 106 | -------------------------------------------------------------------------------- /404.json: -------------------------------------------------------------------------------- 1 | {"error": "Not Found"} -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2022 Nikolas Spiridakis 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | > [!WARNING] 2 | > This repo is archived. I maintain the Cloudflare Workers version found [here](https://github.com/1nikolas/play-integrity-checker-server). 3 | 4 | # Play Integrity API Checker Server 5 | Node-js server for the [Play Inegrity API Checker App](https://github.com/1nikolas/play-integrity-checker-app/) 6 | 7 | ## Important Note 8 | If you want to implement the Play Integrity API in your app you shouldn't do it this way. The API server should not send the whole JSON to the app, only a yes/no. Also ideally you should pair the integrity request with another one (for example login). That way your API won't let the user proceed without a valid Integrity token that passes integrity checks (even if your app is reverse engineered). 9 | 10 | ## Setup 11 | This app is coded for use in [Vercel](https://vercel.com/). To set up yourslef: 12 | 1) Fork this repository and add it to Vercel 13 | 2) Go to Settings -> Environment Variables on Vercel and set: 14 | - `PACKAGE_NAME` to your app package name 15 | - `GOOGLE_APPLICATION_CREDENTIALS` to the json contents of the service account on your Google Cloud project. Make sure it's the same project you linked on your Play Console 16 | 17 | ## How to set up Google Cloud 18 | 1) Make a new project 19 | 2) Go to APIs & Services -> Enabled APIs & Services -> Enable APIs & Services and enable the *Play Integrity API* 20 | 3) On the Google Play Integrity API page go to Credentials -> Create Credentials -> Service Account. Set a name and leave everything to the default. 21 | 4) Go to Keys -> Add Key -> Create new key. The json that downloads automactially is the json you need for the Environment Variable. 22 | 23 | ## License 24 | 25 | MIT License 26 | 27 | ``` 28 | Copyright (c) 2022 Nikolas Spiridakis 29 | 30 | Permission is hereby granted, free of charge, to any person obtaining a copy 31 | of this software and associated documentation files (the "Software"), to deal 32 | in the Software without restriction, including without limitation the rights 33 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 34 | copies of the Software, and to permit persons to whom the Software is 35 | furnished to do so, subject to the following conditions: 36 | 37 | The above copyright notice and this permission notice shall be included in all 38 | copies or substantial portions of the Software. 39 | 40 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 41 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 42 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 43 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 44 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 45 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 46 | SOFTWARE. 47 | ``` 48 | -------------------------------------------------------------------------------- /api/check.js: -------------------------------------------------------------------------------- 1 | import { google } from "googleapis"; 2 | const playintegrity = google.playintegrity('v1'); 3 | 4 | 5 | const packageName = process.env.PACKAGE_NAME 6 | const privatekey = JSON.parse(process.env.GOOGLE_APPLICATION_CREDENTIALS) 7 | 8 | 9 | async function getTokenResponse(token) { 10 | 11 | let jwtClient = new google.auth.JWT( 12 | privatekey.client_email, 13 | null, 14 | privatekey.private_key, 15 | ['https://www.googleapis.com/auth/playintegrity']); 16 | 17 | google.options({ auth: jwtClient }); 18 | 19 | const res = await playintegrity.v1.decodeIntegrityToken( 20 | { 21 | packageName: packageName, 22 | requestBody:{ 23 | "integrityToken": token 24 | } 25 | } 26 | 27 | ); 28 | 29 | 30 | console.log(res.data.tokenPayloadExternal); 31 | 32 | return res.data.tokenPayloadExternal 33 | } 34 | 35 | module.exports = async (req, res) => { 36 | 37 | const { token = 'none'} = req.query 38 | 39 | if (token == 'none') { 40 | res.status(400).send({ 'error': 'No token provided' }) 41 | return 42 | } 43 | 44 | getTokenResponse(token) 45 | .then(data => { 46 | res.status(200).send(data) 47 | return 48 | }) 49 | .catch(e => { 50 | console.log(e) 51 | res.status(200).send({ 'error': 'Google API error.\n' + e.message }) 52 | return 53 | }); 54 | } 55 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "play-integrity-checker-server", 3 | "version": "1.0.0", 4 | "description": "", 5 | "main": "index.js", 6 | "scripts": { 7 | "test": "echo \"Error: no test specified\" && exit 1" 8 | }, 9 | "author": "", 10 | "license": "MIT", 11 | "dependencies": { 12 | "googleapis": "^144.0.0" 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /vercel.json: -------------------------------------------------------------------------------- 1 | { 2 | "github": { 3 | "silent": true 4 | }, 5 | 6 | "redirects": [ 7 | { 8 | "source": "/", 9 | "destination": "https://github.com/1nikolas/play-integrity-checker-server/", 10 | "permanent": false 11 | } 12 | ], 13 | 14 | "rewrites": [ 15 | { 16 | "source": "/(.*)", 17 | "destination": "/404.json" 18 | } 19 | ] 20 | } 21 | --------------------------------------------------------------------------------