Does this affect us, and if yes, how?
wjl The Play Integrity API affects all operating systems/applications that are not certified by Google, it's an anti-competitive decision that doesn't add any security measures, end-of-life Android devices with tons of vulnerabilities pass the tests without problems. Measures will be taken.
https://nitter.poast.org/GrapheneOS/status/1817982028584993193#m
wjl It does affect GrapheneOS users -- in the way described. The piece refers to the recent issue experienced by Authy users on GrapheneOS, for example.
If more apps blindly implement Google's integrity-check system then more apps will refuse to run on AOSP, and GrapheneOS, and DivestOS, and LineageOS, etc. But some app authors, such as the Starling bank in the UK, have made allowances for GrapheneOS; other apps could do the same.
As pointed out, at present Google's code declares very-old copies of Google's OS, with known security vulnerabilities, to have "integrity", while rejecting up-to-date GrapheneOS. This undermines the notion that the "integrity" check provides an assurance of device security, or that a device has not been tampered with.
This issue does not appear to affect open-source apps, so some users might want to look into shifting in that direction.
Please note that I do not speak for the GrapheneOS project.
de0u so some users might want to look into shifting in that direction.
if "doing" were always as easy as "saying"