Comment by Zak
16 hours ago
This goes beyond simply using Play Integrity, which normally just does remote attestation of the operating system. The next level is allowing an app to check its own package for modifications or installation from an unapproved source, but this goes beyond even that and gives the app the ability to check where a third-party app came from.
Google are assholes for building this.
> The next level is allowing an app to check its own package for modifications
You can't modify them. They're signed. If you modify and resign it gets installed with a different key (ie the one you signed with) hence it's a different app as far as it's concerned.
To get around that you need signature spoofing which Lineage famously refused to include.
Agreed that BigTech in general is making the world worse by implementing security features in ways that erode user freedom.