SPIC (Simple Play Integrity Checker) is an open-source Android application designed to illustrate the functionality of both the Play Integrity API and the now-deprecated SafetyNet Attestation API. This tool is invaluable for developers and security professionals looking to understand and implement these security measures within their applications.
The app allows users to check the integrity verdict provided by these APIs directly on their device. Alternatively, the results can be sent to a remote server for validation. It's important to note that the server component must be self-hosted at this time.
For those interested in exploring or contributing to the project, the source code for both the Android app and the server implementation is freely available on GitHub. You can find the repositories at /herzhenr/SPIC-android for the Android application and /herzhenr/SPIC-server for the server component.
By leveraging SPIC, developers can gain practical insights into using Play Integrity and SafetyNet Attestation APIs to enhance the security and integrity of their Android applications.
