android

package
v0.1.14 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 20, 2026 License: MIT Imports: 8 Imported by: 0

Documentation

Overview

Package android provides Android Play Integrity verification.

This package uses Google's official Play Integrity API to verify integrity tokens from Android devices.

See: https://developer.android.com/google/play/integrity

Index

Constants

This section is empty.

Variables

View Source 
var (
	ErrVerificationFailed = errors.New("verification failed")
	ErrInvalidPackageName = errors.New("invalid package name")
	ErrInvalidChallenge   = errors.New("invalid challenge")
	ErrAttestationExpired = errors.New("attestation expired")
	ErrDeviceCompromised  = errors.New("device integrity check failed")
	ErrAppNotRecognized   = errors.New("app not recognized")
	ErrCertDigestMismatch = errors.New("APK certificate digest mismatch")
)

Common errors.

Functions

This section is empty.

Types

type AccountDetails 

type AccountDetails struct {
	// LicensingVerdict indicates the app licensing status.
	// Values: LICENSED, UNLICENSED, UNEVALUATED
	LicensingVerdict string
}

AccountDetails contains Play Store licensing information.

type Config 

type Config struct {
	// PackageNames is the list of allowed app package names.
	PackageNames []string

	// APKCertDigests is the list of allowed APK signing certificate SHA-256 digests.
	// Optional but recommended for additional security.
	APKCertDigests []string

	// GCPProjectID is your Google Cloud project ID.
	GCPProjectID string

	// GCPCredentialsFile is the path to the service account credentials file.
	// If empty, uses Application Default Credentials.
	GCPCredentialsFile string

	// ChallengeTimeout is the maximum age of a token (default: 5 minutes).
	ChallengeTimeout time.Duration

	// RequireStrongIntegrity requires MEETS_STRONG_INTEGRITY verdict.
	// When false, MEETS_DEVICE_INTEGRITY is sufficient.
	RequireStrongIntegrity bool

	// AllowBasicIntegrity allows MEETS_BASIC_INTEGRITY verdict.
	// Not recommended for sensitive operations.
	AllowBasicIntegrity bool
}

Config holds configuration for Android Play Integrity verification.

type Request 

type Request struct {
	// IntegrityToken is the token from the Play Integrity API.
	IntegrityToken string

	// Challenge is the server-generated nonce.
	Challenge string
}

Request represents an integrity verification request.

type Result 

type Result struct {
	// Valid indicates whether the integrity token was verified successfully.
	Valid bool

	// DeviceID is derived from the request nonce.
	DeviceID string

	// PackageName is the verified package name.
	PackageName string

	// AppRecognitionVerdict is the app recognition result.
	AppRecognitionVerdict string

	// DeviceIntegrityVerdicts contains the device integrity verdicts.
	DeviceIntegrityVerdicts []string

	// AccountDetails contains the licensing information (if available).
	AccountDetails *AccountDetails

	// Timestamp is when the verification was performed.
	Timestamp time.Time
}

Result represents the result of integrity verification.

type Verifier 

type Verifier struct {
	// contains filtered or unexported fields
}

Verifier verifies Android Play Integrity tokens.

func NewVerifier 

func NewVerifier(cfg Config) (*Verifier, error)

NewVerifier creates a new Android Play Integrity verifier.

func (*Verifier) Verify 

func (v *Verifier) Verify(ctx context.Context, req *Request) (*Result, error)

Verify verifies an Android Play Integrity token.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.