Comment by jeffbee
2 years ago
What is the perspective of the authors of Authy here? If they want the integrity API to limit their app to official builds, then it is working as intended by them and presumably by the users who freely choose Authy over other apps. I am not sure why Graphene has standing here.
1. According to the article, Graphene says that the Play Integrity API doesn't do what it is advertised to do, so arguing that it is a security mechanism is false.
2. Speculation: They could argue that apps should not be allowed to lock out alternative OSes, but only alert users of "reduced security".
3. I'm glad I left Authy for Proton.
But there could be no "reduced security", even for apps. It's just that there's no Google spyware installed on the device with elevated permissions, that's why Google won't approve GrapheneOS.
The whole thing is about trust. Google, Apple and MS are setting themselves up as authorities of trust for hardware.
Authy took the stance that if an OS vendor doesn't sign the bootloader/OS, then it is possible the OS is compromised and other apps could maliciously interact with Authy.
I don't like where that takes us from a computing freedom perspective.
The reason is that there is no open source OS that can be verified with the Play Integrity API. Forget Authy, you cannot run Netflix or most banking apps.
That's effectively discrimination for people who don't want to be tracked or people who don't want to give money to Google.
Given Google has a monopoly, this is pretty heavy.
I agree with some of your facts but not your conclusions. I see why people want to use GrapheneOS. I respect and admire the security efforts of the authors of GrapheneOS. The users of GrapheneOS may have totally legitimate security requirements that lead them to choose it. But if Netflix doesn't want their program to run on GrapheneOS, isn't that their business?
Netflix wants a hardware attestation API to prevent abuse, GrapheneOS can provide that API abstracted through the integrity API, but Google won't authorize it.
> you cannot run Netflix or most banking apps
This isn't entirely true. My phone runs a custom ROM, but has no root. Google Wallet works (to my surprise) as does my banking app.
Amazon Prime and Netflix will play video, but only in SD, so I torrent all of those shows for when I'm not watching them on Windows.
Once you root your phone, more features get disabled. You can still get everything to work again (as root detection APIs still cannot beat root access) but that's an everlasting arms race of annoying workarounds and features that break randomly.
To be somewhat fair to Google, several custom ROMs, including LineageOS, do disable a LOT of security features that even outdated vendor ROMs will keep enabled, because they're a pain to implement properly. However, GrapheneOS is one of the few operating systems that would rather break app compatibility than risk exposing their users to software vulnerabilities. A Pixel with an official GrapheneOS ROM and a locked bootloader should receive the same security status as, or perhaps an even better one than, many phones running stock firmware.
I'm not sure I agree, to be honest. As far as I'm aware: Google doesn't force app developers distributing on the Play Store to opt in to Play Integrity; Google doesn't force app developers to exclusively distribute through the Play Store; Google doesn't force third-party Android-based operating systems to use Google Play Services or the Play Store; and Google doesn't force end-users into using official Android builds versus third-party builds.
I have zero energy toward feeling anger at this situation. I don't even feel Google should or ought to change their behavior.
But Google is the dominant player and this makes a difference (Google is not always free to do what they want). GrapheneOS is not allowed in Play Integrity not because of reduced security, but because Google's spyware is not installed there with elevated permissions and unremovable.