zlacker

[return to "Google restricts Android sideloading"]
1. microt+d6[view] [source] 2025-06-05 17:10:27
>>fsflov+(OP)
The sideloading restriction is easily solved by installing GrapheneOS, which has all the security benefits of Google's Android on Pixel.

In parallel, Google has rolled out its Play Integrity API, which allows developers to limit app functionality when sideloaded, effectively pushing users to install apps only through the Google Play Store.

The issue is even bigger. Even when using Play Store on GrapheneOS with a locked bootloader (which is the recommended configuration by the GrapheneOS project), Google refuses to let apps use the hardware attestation support in the Play Integrity API [1], which blocks certain banking apps, Google Wallet, etc.

It's insane that Google lets Android vendors that have a lot of dubious security practices (months-late security updates, etc.) pass, while an OS that implements more security mitigations than PixelOS and is sometimes faster than Google rolling out security updates is excluded.

The move, developed in partnership with Singapore’s Cyber Security Agency, is designed to prevent fraud and malware-enabled scams.

Time to block the Facebook/Instagram apps then, given https://localmess.github.io ?

[1] https://grapheneos.social/@GrapheneOS/112878070618462132

◧◩
2. charci+v8[view] [source] 2025-06-05 17:21:10
>>microt+d6
Android's key attestation API is supported on GrapheneOS that apps can integrate with.

https://grapheneos.org/articles/attestation-compatibility-gu...

◧◩◪
3. NoGrav+rg[view] [source] 2025-06-05 18:14:37
>>charci+v8
Yes, but vanishingly few apps actually use that, rather than Google Play Integrity. As a result, in general it is fair to say that Android apps that require hardware attestation will not run on GrapheneOS. I say this as a satisfied GrapheneOS user.
[go to top]