Comment by Fire-Dragon-DoL
2 years ago
The reason is that there is no open source OS that can be verified with the Play Integrity API. Forget Authy, you cannot run Netflix or most banking apps.
That's effectively discrimination for people who don't want to be tracked or people who don't want to give money to Google.
Given Google has a monopoly, this is pretty heavy.
I agree with some of your facts but not your conclusions. I see why people want to use GrapheneOS. I respect and admire the security efforts of the authors of GrapheneOS. The users of GrapheneOS may have totally legitimate security requirements that lead them to choose it. But if Netflix doesn't want their program to run on GrapheneOS, isn't that their business?
Netflix wants a hardware attestation API to prevent abuse, GrapheneOS can provide that API abstracted through the integrity API, but Google won't authorize it.
This, but notably also: the hardware attestation API will report a device as fully locked down and secured even when a device is infected with a sophisticated-enough piece of malware. Plus, in the past manufacturer keys have leaked but keys have not been revoked.
Hardware attestation is quite useless when a device that hasn't received a single security update in four years is considered safe, but a locked-down ROM implementing everything Google has invented and more is considered dangerous.
> you cannot run Netflix or most banking apps
This isn't entirely true. My phone runs a custom ROM, but has no root. Google Wallet works (to my surprise) as does my banking app.
Amazon Prime and Netflix will play video, but only in SD, so I torrent all of those shows for when I'm not watching them on Windows.
Once you root your phone, more features get disabled. You can still get everything to work again (as root detection APIs still cannot beat root access) but that's an everlasting arms race of annoying workarounds and features that break randomly.
To be somewhat fair to Google, several custom ROMs, including LineageOS, do disable a LOT of security features that even outdated vendor ROMs will keep enabled, because they're a pain to implement properly. However, GrapheneOS is one of the few operating systems that would rather break app compatibility than risk exposing their users to software vulnerabilities. A Pixel with an official GrapheneOS ROM and a locked bootloader should receive the same security status as, or perhaps an even better one than, many phones running stock firmware.
I'm not sure I agree, to be honest. As far as I'm aware: Google doesn't force app developers distributing on the Play Store to opt in to Play Integrity; Google doesn't force app developers to exclusively distribute through the Play Store; Google doesn't force third-party Android-based operating systems to use Google Play Services or the Play Store; and Google doesn't force end-users into using official Android builds versus third-party builds.
I have zero energy toward feeling anger at this situation. I don't even feel Google should or ought to change their behavior.
But Google is the dominant player and this makes a difference (Google is not always free to do what they want). GrapheneOS is not allowed in Play Integrity not because of reduced security, but because Google's spyware is not installed there with elevated permissions and unremovable.
I don't feel that's relevant when app developers are free to recognize that as a drawback of Play Integrity and not use it (which to my understanding is the case, but I have not done Android development in many years).
On the one hand, you can make the argument that Google "ought" to allow Graphene into this program, because they have at least as good operating system security and hardware attestation as first-party Android distributions. On the other hand: doing so would effectively mean Google is now a responsible party in the security processes and posture of Graphene; which isn't only a level of responsibility Google likely does not want, it's a level of responsibility Graphene is unlikely to grant or agree to.
Google being the dominant player is not relevant. Google acting anti-competitively would be; but I have seen no evidence of this, at least when it comes to their treatment of third-party Android operating systems and third-party app stores. (Google's other business divisions are a different story; and specifically, Google's interactions and deals with the Galaxy Store are a little suspicious and IIRC came under fire from regulators recently. But, none of this is relevant to this discussion as far as I can tell).