• Off TopicSolved
  • [admin: misinformation about SafetyNet Attestation API deprecation]

Elk9877 From now on, app makers will gradually start enforcing MEETS_STRONG_INTEGRITY

Its very unlikely that most app developers will do this.

Is there anything we, the community users, can do something to help you guys to get GOS attestated?

    • [deleted]

    GrapheneOS will continue to be a research and development project that will benefit stock Android users. I don't think it's crazy for Google to lock down its system.

    Can't the MEETS_STRONG_INTEGRITY flag just be spoofed by GrapheneOS?

    Obviously if an app actually checks the attestation certificates with Google, they'll realize it's not legit, but maybe most apps won't go that far.

    Elk9877 From now on, app makers will gradually start enforcing MEETS_STRONG_INTEGRITY and locking out custom ROM users.

    That's annoying to see. Is this going to affect, in the future, the google play compatibility layer of grapheneos?

    Volen do something to help you guys to get GOS attestated?

    Unless a number of things change with their requirements its unlikely Google would ever certify GrapheneOS see https://discuss.grapheneos.org/d/10712-what-are-stoppers-of-grapheneos-becoming-a-google-certified-os/7

    Currently Play Integrity, as used by apps, does not provide useful security guarantees about the OS for the app. The OS can be very old and long out of security updates.

    Very few, if any, apps use the more strict hardware backed Integrity so it is possible for an OS to spoof Integrity, presenting itself as another OS/device that passes. Google are cracking down on spoofing by denying Integrity passes for OS/device identities that they have discovered are being used by spoofers.

    cdflasdkesalkjfkdfkjsdajfd What other apps will be blocked besides banks?

    It is only apps which feel there is some kind of security benefit to them for using Play Integrity and if the app developer looks at how Integrity works they will see that there is very limited or no benefits to them and instead disadvantages. There have been very few apps besides banking apps using Safetynet or Integrity and it is highly likely to remain that way. A number of apps that started using Safetynet dropped it and havent switched to Integrity.

    A small number of app developers are confused and mark their apps on Play Store as using Integrity but dont actually have it implemented within their app. These apps will run on a device which doesnt pass Integrity.

    I suppose that the only positive way for GrapheneOS would be an EU or californian regulation on that field ?...
    Edit : by the way, isn't that problem already covered by EU digital markets act ?

    • [deleted]

    • Edited

    The end of SafetyNet is disheartening to read and experience.

    This is especially concerning for me in Norway, as some of my proprietary apps rely on SafetyNet. With SafetyNet no longer available, these apps will gradually be enforcing the requirement for MEETS_STRONG_INTEGRITY, gradually locking out my alternative operating system GrapheneOS.

    I reached out to app developers about Attestation Support Got replies from some, left on unread by others.

    I've been lurking here a few months. I made the decision to go GrapheneOS and I'm waiting on a P8P to arrive. This recent news really sucks to read, but I don't know enough about all of this to conclude anything. Could this possibly be the end of GrapheneOS and other roms?
    Just dumped a lot of $$ to make this switch.
    I hope it doesn't end... I just got here.

      biscuit_tosser_88 same here bud. I was very impressed with Graphene when I finally made the switch...

      No worries only a tiny percentage of apps are and will be concerned...

      All this story seems a bit overevaluated to me ! Let's just see how things go. For now, GrapheneOS remains supported by the vast majority of banking apps and even many ID apps.

      Good to hear. I'm going all in anyway. We'll see what happens.

      GrapheneOS changed the title to end of Safetynet [misleading thread, no impact on GrapheneOS users] .

      SafetyNet Attestation API being replaced with the Play Integrity API has no particular relevance to GrapheneOS. This thread is highly misleading. Apps enforcing Google certification don't work on GrapheneOS regardless of whether they use the legacy SafetyNet Attestation API or the Play Integrity API. This thread misinterprets SafetyNet Attestation API being phased out as something that will reduce app compatibility when that's not the case at all. GrapheneOS never spoofed the weak software-based attestation checks for Google certification because we're well aware hardware attestation exists and is available for apps to use. The legacy API had essentially the same modes too, it just wasn't properly implemented. The only issue is that they're more actively promoting checking for Google certification.

      GrapheneOS changed the title to [admin: misinformation about SafetyNet Attestation API deprecation] .