Android Play Integrity API

The Play Integrity API provides security verdicts for Android EMM devices. Devices must be running the KACE Cloud Android agent version 1.9.1 or later to support this feature.

The screenshot below shows a device that has received the Meets Strong Integrity verdict from the Play Integrity API and as a result, is assigned a verification status of Verified.

The device details section has more information including an option to download the JSON that is returned from the Play Integrity API.

There are 4 possible verdicts.

1. Meets Strong Integrity - this is the highest verdict and the Play Integrity API is reporting that the KACE Android Agent is running on a genuine and certified Android device with a recent security update.
2. Meets Device Integrity - the agent is running on a genuine and certified Android device.
3. Meets Basic Integrity - the agent is running on a device that passes basic system integrity checks.
4. Not evaluated or empty - the agent is running on a device that has signs of attack (such as API hooking) or system compromise (such as being rooted), or the app is not running on a physical device (such as an emulator that does not pass Google Play integrity checks).

For full details about the Play Integrity verdicts see here - Play Integrity Verdicts. KACE Cloud uses the deviceRecognitionVerdict field in the deviceIntegrity section of the API response.