• GeneralSolved
  • [admin: misinformation about SafetyNet Attestation API deprecation]

Sorry if this was answered somewhere, but I couldnt find it.

Banking apps will require Play integrity verification NOW, in a few months probably most apps will stop working.

Either they implement the way described here or GrapheneOS gets a Google certified OS.

Can someone list the issues that actively prohibit GrapheneOS from being a Google Certified OS?

    • [deleted]

    What are the stoppers of YOU becoming non-reliant on Google environment? GrapheneOS doesn't come prebundled with Google Play Services and as such is fully functional.

      [deleted] He already gave a legitimate reason:

      Banking apps will require Play integrity verification NOW, in a few months probably most apps will stop working.

      Most apps adopting Play Integrity API is incredibly unrealistic. The apps using Play Integrity API is a small minority when you account for the amount of maintained apps in the Play Store.

      Beyond that, I expect that Play Integrity API and other such anti-competitive practices will eventually be scrutinized and potentially made illegal, perhaps by the EU or similar.

      GrapheneOS cannot be a Google-certified OS. By its very nature, it changes things which make that impossible, such as adding new, non-standard permissions (think Sensors permissions).

        missing-root "Can someone list the issues that actively prohibit GrapheneOS from being a Google Certified OS?"

        Because Google has to sign off on that

        missing-root
        The OS would need to pass the Compatibility Test Suite, which it does not as some GrapheneOS changes are not compatible with some of those tests. If you are interested you can run CTS to find out what tests fail.

        Also privileged Play Services and some other Google apps would have to be included in the OS.

        Unless Google significantly change their requirements GrapheneOS will never be a Google certified OS.

        missing-root Can someone list the issues that actively prohibit GrapheneOS from being a Google Certified OS?

        Fundamentally it's up to them.

        I think so far they certify only OS stacks which meet a very long list of requirements including branding, pre-installing the Play infrastructure, pre-installing specific Google apps, etc. -- and those things must be enforced by a contract signed by a company (so far, that is a company building a device).

        After encountering an error (solved) earlier today with Google Authenticator app, I want to use non-Google apps especially if it is an account that can not be duplicated. (email, photos, password managers, authenticator app) I only use Maps now because I can not find an alternative maps navigation app that is as good as Maps or Waze.

          tacobearman8 Sadly I don't think we will ever get a replacement for Maps/Waze because the only thing we really have for nav data is open street maps

            I am trying Magic Earth now. So far, it is terrible and I hate it. I can not even figure out how to start using it. I'm sure it is ok but I definitely see why people love google or apple when their stuff just works. I hate spending time learning something that should be intuitive, but all the Open Street Maps software I have tried so far has equally confusing user interface.

            raccoondad

            Thanks to Overture Maps, high quality map data is being developed outside Google.

            It doesn't mean that we will have great Maps/Waze alternatives soon, but it is at least a huge step towards this goal.

            This is just ridiculous, controlling what devices and OS' the app can run on. For now call banks or maybe website.

              soupslurpr It makes sense for bank apps NGL, they are held responsible if something happens. Even if it's user error

              They shouldn't be using an anti competitive technology and it doesn't really result in a security benefit

                soupslurpr The attestation is a form of insurance I imagine, similar to why a lot of DRM won't work on certain operating systems.

                Is this a good system? No, but I understand why a bank specifically would do it. Otherwise they are risking themselves to a lot of issues

                This isn't to say GOS isn't secure, but rather banks want to verify what operating system the application is running on and sadly GOS isn't on their list of acceptable OSes. Mostly because of play store integrity

                Same reason google pay won't work in the states, Google wants a controlled env. or else they might be held responsible if something goes wrong

                Again, i'm kind of guessing here

                matchboxbananasynergy

                Are there plans (if technically possible) to spoof any software-based Play Integrity checks? Otherwise, banking apps might stop working soon, now that Safetynet is finally dead.