Comment by subscribed
17 days ago
This is a misleading way to put it.
Re: Android.
Google can support AOSP attestation like any other vendor who wants to support it. They invented it.
So instead of immediately locking down everyone using Android to ONLY Google-dependent method, the developers could go the vendor-agnostic way, but consciously decided not to.
It's untrue to claim that supporting AOSP attestation only serves GrapheneOS and leaves out everyone using Google-surveilled handset.
NB, mixing it up with Apple is a conscious way to further the false claim, and I believe it's not accidental since these ecosystems are naturally completely separate.
You are misleading in fact, you use terms such as:
“it won’t work on GrapheneOS” “locking down everyone using android to ONLY Google-dependent method”
which make it sound like it’s a permanent and definitive limitation.
It is not, they can add support later, as they stated already.
> It's untrue to claim that supporting AOSP attestation only serves GrapheneOS and leaves out everyone using Google-surveilled handset.
Hmmm, what do you have in mind? Publish it to F-Droid but not to the Google app store?
I indeed said "locking down everyone (...) to only Google-dependent method"
It is a permanent limitation until it's resolved by the vendor, isn't it?
You are phrasing it like it was untrue that on non-Google Androids it will work.
It's false - it will not, until it's fixed (changed).
They CAN add the alternative methods later but until they're added, they're not there.
So it's a permanent failure until (not unless) it's resolved by either removing the hard dependency on Google Play Integrity or adding alternative attestation methods.
And your last comment about F-Droid is a little bizarre to be honest - if it's meant to be available it must be on the Google Play too.
I was just objecting to the suggestion that ADDING alternative methods of attestation somehow precludes devs from using Google Play Integrity as well.
What’s a temporary failure then for you, I’m curious? Everything is permanent, following your definition.
You didn’t answer my question. I don’t understand what you are suggesting. You want them to do AOSP at the same time rather than afterward? You simply disagree with their prioritisation? Then stop using words like lockdown, it’s misleading. Say “I wish they had included AOSP support in the initial release” then everyone understands what you want.