zlacker

[return to "Graphene OS: a security-enhanced Android build"]
1. matheu+cP[view] [source] 2025-07-25 05:30:30
>>madars+(OP)
It's a shame that Android as a whole is trending towards hardware remote attestation. It's pretty much guaranteed that app developers will eventually start writing their apps so that they refuse to run on anything that doesn't pass Google Play Integrity. Being unable to run WhatsApp or bank apps on GrapheneOS will render it useless as a smartphone operating system. It might not be happening right now but the threat of it looms eternal. My bank could flip a switch somewhere and suddenly my phone becomes useless for the purpose of accessing my bank account.

The Google Pixel requirement also makes me sad. I understand that they have solid reasons why. The problem is Google is incapable of selling their phones worldwide. It's really embarrassing for Google and unfortunate for me.

◧◩
2. icar+CT[view] [source] 2025-07-25 06:19:37
>>matheu+cP
Hardware attestation and Google Play Integrity are two different things, and the former solves the monopolistic practices of the latter.
◧◩◪
3. matheu+1X[view] [source] 2025-07-25 06:52:20
>>icar+CT
Not at all. They are one and the same. Both of those things will literally destroy the computer freedom we enjoy today.

GrapheneOS can attest to the device's security. The question is whether the app developers will trust such an attestation. Will they put money, time and effort into evaluating and trusting GrapheneOS? Of course not. They will just decide to trust nobody except Google and Apple.

This is the future. We'll be discriminated against. Can't even log into an account from an "unauthorized device". Their servers will just refuse to talk to our phones if they can't cryptographically verify that we have not "tampered with" them. We'll be refused service straight up unless our computers are straight up owned by corporations.

This so called "integrity checking" is meant to protect the corporations from us, not the other way around. It's so we can't do things like hack our way around their "policies".

◧◩◪◨
4. mbanan+1c2[view] [source] 2025-07-25 16:38:27
>>matheu+1X
Well, there are examples such as Yuh and Swissquote which are using Play Integrity API and also using hardware attestation to specifically allow GrapheneOS. The latter is in the process of implementing what's needed right now.

We also expect Google's Play Integrity API to inevitably be ruled as anti-competitive, which it is.

[go to top]