Google is working on giving developers a way to tell if their app is being run by a bot or a real user. Google Play will provide a signal that helps differentiate between “likely genuine” and “likely non-genuine” traffic based on “the presence and volume of Play Store activity.”
Developer @linuxct discovered this while poking around in the Google APIs Client Library for .NET. There’s an undocumented field called “AccountActivity” in the Play Integrity API’s JSON payload that normally doesn’t appear in responses but could be available in the future.
There are 6 possible values: ACTIVITY_LEVEL_UNSPECIFIED, UNEVALUATED, UNUSUAL, UNKNOWN, TYPICAL_BASIC, and TYPICAL_STRONG. These values tell the developer what Google Play thinks of the account’s Play Store activity.
This field isn’t documented on the developer docs for the Play Integrity API, but you can see it here. The Play Integrity API already provides a handful of signals, such as an account detail signal that tells developers whether the current user account has a valid license and device integrity signal for whether the app is running on a genuine Android device that passed CTS.
An account activity signal would provide another way for developers to decide whether they want their app or game running on a device. Game developers could use this to curtail suspected bot farm activity.
