GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

  1. GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 09:54:02 JST

    A growing number of apps are using the Play Integrity API to enforce installation from the Play Store. This is clearly highly illegal anti-competitive behavior. It doesn't impact GrapheneOS users installing apps with the sandboxed Play Store but does impact other install sources.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:41 JST
      in reply to

      If you run into apps banning using GrapheneOS with Play Integrity, make a Play Store review with no links asking to stop banning a more secure OS. Next, make a customer support request linking https://grapheneos.org/articles/attestation-compatibility-guide. Multiple apps have permitted GrapheneOS due to these efforts.


      Attachments

      1. GrapheneOS attestation compatibility guide
        from @GrapheneOS
        Guide on using remote attestation in a way that's compatible with GrapheneOS.
    • GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:42 JST
      in reply to

      Multiple prominent banking apps in Europe have already implemented support for GrapheneOS via hardware attestation. The pace of apps adopting the Play Integrity API is unfortunately currently faster than apps adding support for GrapheneOS. This is due to Google marketing it.

      Rich Felker repeated this.
    • GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:43 JST
      in reply to

      Even if apps insist on doing these kinds of integrity checks, they can still permit GrapheneOS. We provide a guide on verifying GrapheneOS via hardware attestation at https://grapheneos.org/articles/attestation-compatibility-guide. They can still fall back to Play Integrity API for insecure devices without this.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:44 JST
      in reply to

      There's no security value to enforcing using devices licensing Google Mobile Services. The vast majority of those devices are highly insecure. Software-based attestation (device integrity) is also highly insecure and easy for attackers to bypass. This is only hurting competition.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:44 JST
      in reply to

      Hardware-based attestation can be secure, but the way the Play Integrity API uses it is also highly insecure. It can be bypassed via leaked keys from the most insecure Android devices in the ecosystem. The secure way to use it is pinning, not trusting everything chaining to a root.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:45 JST
      in reply to

      Google Play Integrity permits highly insecure devices with years of missing High/Critical severity security patches. They pretend any device licensing Google Mobile Services is secure while running the stock OS and anything else is insecure. This is a lie to lock out competition.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:46 JST
      in reply to

      Google's Play Integrity API is quite different and only supports verifying devices licensing Google Mobile Devices with the stock OS. It has support for enforcing installing apps from the Play Store. None of this has anything to do with security. It's purely anti-competitive.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:47 JST
      in reply to

      It's worth noting Android has a standard hardware attestation API for verifying the hardware, firmware, OS and app. This supports alternate roots of trust and non-stock operating systems if apps choose to support it. Apps could perform stronger checks while allowing GrapheneOS.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:47 JST
      in reply to

      Android's hardware attestation API has anti-competition issues due to the official verification libraries hard-wiring the Google roots and encouraging only permitting the stock OS. However, it does fully support any other OS with verified boot and can be used with other root CAs.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:48 JST
      in reply to

      We're going to add a secure way of working around this without breaking the app source security model. We'll be adding support for having the OS automatically verify the Play Store signing metadata and then inform Play services those apps were installed from the Play Store.

    • GrapheneOS (grapheneos@grapheneos.social)'s status on Friday, 23-May-2025 11:05:49 JST
      in reply to

      This is being done alongside Google recommending app developers forbid installing their apps from the Play Store on operating systems not licensing Google Mobile Services. The combination of these features ends up blocking users from easily using the apps without modifying them.

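An added example, not part of the thread and not GrapheneOS code: a server-side policy check over hardware attestation fields that accepts a non-stock OS by pinning its verified boot key, as the posts on alternate roots of trust describe, and pins each device's attestation certificate on first use, which is one reading of "pinning" in the post above. It assumes the certificate chain was already validated and the attestation extension already parsed upstream; the `alt-os` name, its fingerprint, the minimum patch level and the `Attestation`/`Verifier` names are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed placeholder: real fingerprints come from the OS vendor's published list.
PINNED_OS_BOOT_KEYS = {"alt-os": hashlib.sha256(b"constructed alt-os boot key").hexdigest()}
MIN_PATCH_LEVEL = 202505  # YYYYMM, assumed policy value

@dataclass
class Attestation:  # fields parsed from an already chain-validated attestation
    security_level: str       # "Software", "TrustedEnvironment" or "StrongBox"
    verified_boot_state: str  # "Verified", "SelfSigned", "Unverified" or "Failed"
    device_locked: bool
    verified_boot_key: str    # hex SHA-256 fingerprint of the verified boot key
    os_patch_level: int       # YYYYMM
    leaf_cert_fp: str         # fingerprint of the device's attestation certificate

@dataclass
class Verifier:
    device_pins: dict = field(default_factory=dict)  # account -> pinned leaf_cert_fp

    def check(self, account: str, att: Attestation) -> tuple[bool, str]:
        if att.security_level == "Software":
            return False, "software attestation is not hardware-backed"
        if not att.device_locked:
            return False, "bootloader unlocked"
        if att.os_patch_level < MIN_PATCH_LEVEL:
            return False, "OS patch level too old"
        if att.verified_boot_state == "Verified":
            os_name = "stock"
        elif att.verified_boot_state == "SelfSigned":
            # Non-stock OS: accept only when its verified boot key is pinned.
            os_name = next((name for name, fp in PINNED_OS_BOOT_KEYS.items()
                            if fp == att.verified_boot_key), None)
            if os_name is None:
                return False, "unknown verified boot key"
        else:
            return False, "verified boot failed or disabled"
        # Pin the attestation certificate on first use; later attestations
        # for this account must come from the same hardware-backed key.
        pinned = self.device_pins.setdefault(account, att.leaf_cert_fp)
        if pinned != att.leaf_cert_fp:
            return False, "attestation key differs from pinned key"
        return True, os_name
```

The patch-level and security-level checks run before the OS decision, so a stock device with stale patches is rejected by the same policy that admits a pinned alternate OS.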


GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.