• GeneralSolved
  • [admin: misinformation about SafetyNet Attestation API deprecation]

  • [deleted]

What are the stoppers of YOU becoming non-reliant on Google environment? GrapheneOS doesn't come prebundled with Google Play Services and as such is fully functional.

    [deleted] He already gave a legitimate reason:

    Banking apps will require Play integrity verification NOW, in a few months probably most apps will stop working.

    Most apps adopting Play Integrity API is incredibly unrealistic. The apps using Play Integrity API is a small minority when you account for the amount of maintained apps in the Play Store.

    Beyond that, I expect that Play Integrity API and other such anti-competitive practices will eventually be scrutinized and potentially made illegal, perhaps by the EU or similar.

    GrapheneOS cannot be a Google-certified OS. By its very nature, it changes things which make that impossible, such as adding new, non-standard permissions (think Sensors permissions).

      missing-root "Can someone list the issues that actively prohibit GrapheneOS from being a Google Certified OS?"

      Because Google has to sign off on that

      missing-root
      The OS would need to pass the Compatibility Test Suite, which it does not as some GrapheneOS changes are not compatible with some of those tests. If you are interested you can run CTS to find out what tests fail.

      Also privileged Play Services and some other Google apps would have to be included in the OS.

      Unless Google significantly change their requirements GrapheneOS will never be a Google certified OS.

      missing-root Can someone list the issues that actively prohibit GrapheneOS from being a Google Certified OS?

      Fundamentally it's up to them.

      I think so far they certify only OS stacks which meet a very long list of requirements including branding, pre-installing the Play infrastructure, pre-installing specific Google apps, etc. -- and those things must be enforced by a contract signed by a company (so far, that is a company building a device).

      After encountering an error (solved) earlier today with Google Authenticator app, I want to use non-Google apps especially if it is an account that can not be duplicated. (email, photos, password managers, authenticator app) I only use Maps now because I can not find an alternative maps navigation app that is as good as Maps or Waze.

        tacobearman8 Sadly I don't think we will ever get a replacement for Maps/Waze because the only thing we really have for nav data is open street maps

          I am trying Magic Earth now. So far, it is terrible and I hate it. I can not even figure out how to start using it. I'm sure it is ok but I definitely see why people love google or apple when their stuff just works. I hate spending time learning something that should be intuitive, but all the Open Street Maps software I have tried so far has equally confusing user interface.

          raccoondad

          Thanks to Overture Maps, high quality map data is being developed outside Google.

          It doesn't mean that we will have great Maps/Waze alternatives soon, but it is at least a huge step towards this goal.

          This is just ridiculous, controlling what devices and OS' the app can run on. For now call banks or maybe website.

            soupslurpr It makes sense for bank apps NGL, they are held responsible if something happens. Even if it's user error

            They shouldn't be using an anti competitive technology and it doesn't really result in a security benefit

              soupslurpr The attestation is a form of insurance I imagine, similar to why a lot of DRM won't work on certain operating systems.

              Is this a good system? No, but I understand why a bank specifically would do it. Otherwise they are risking themselves to a lot of issues

              This isn't to say GOS isn't secure, but rather banks want to verify what operating system the application is running on and sadly GOS isn't on their list of acceptable OSes. Mostly because of play store integrity

              Same reason google pay won't work in the states, Google wants a controlled env. or else they might be held responsible if something goes wrong

              Again, i'm kind of guessing here

              matchboxbananasynergy

              Are there plans (if technically possible) to spoof any software-based Play Integrity checks? Otherwise, banking apps might stop working soon, now that Safetynet is finally dead.

                Elk9877 I'd suggest reading this comment by the project account: https://discuss.grapheneos.org/d/10650-drm-provisioning-and-internet-access-pinning-why-choose-gos-servers/14

                It's not possible to spoof the strong checks for a Google certified OS. The non-strong checks can be spoofed by pretending to be an obsolete device without hardware attestation, but they're cracking down on this spoofing in different ways and it's eventually going to be entirely ruled out by requiring hardware attestation across the board. It's pointless for a production OS to mess around with this. GrapheneOS needs to be something people can depend on rather than knowingly hacking around something we know is guaranteed to stop working.