Comment by unethical_ban
2 years ago
1. According to the article, graphene says that the play integrity API doesn't do what it is advertised to do, so arguing that it is a security mechanism is false.
2. Speculation: They could argue that apps should not be allowed to lock out alternative OSes, but only alert users of "reduced security".
3. I'm glad I left authy for Proton.
But there could be no "reduced security", even for apps. It's just that there's no Google spyware installed on the device with elevated permissions, that's why Google won't approve GrapheneOS.
The whole thing is about trust. Google, Apple and MS are setting themselves up as authorities of trust for hardware.
Authy took the stance that if an OS vendor doesn't sign the bootloader/OS, then it is possible the OS is compromised and other apps could maliciously interact with Authy.
I don't like where that takes us from a computing freedom perspective.