Great news, thank you so much for your commitment!
And that there seem to be around 200-250k GrapheneOS users is also awsome news!
As with how they handle giving out partner access, the Play Integrity API serves the interests of Google's business model. They have no valid excuse for not allowing GrapheneOS to pass device and strong integrity. If app developers want to ban it, they can still do it themselves.
source: https://grapheneos.social/@GrapheneOS/112878078828297123
@GrapheneOS
If you can prove that Play Integrity API serves Google's business interests, it would probably not be the worst idea (if you don't have this on your radar anyway) to (also) seek proceedings in the EU with regard to the Digital Markets Act (DMA) as EU has designated Alphabet as one of six gatekeepers. The core platform services designated by the EU also include Google Play and Android Mobile.
Some notable fines could be imposed in the event of infringements – hopefully this could give you some leverage.
We continued reporting vulnerabilities upstream. However, we're going to stop reporting most vulnerabilities until GrapheneOS is no longer blocked by the Play Integrity API.
source: https://grapheneos.social/@GrapheneOS/112878079604085329
Even if I can understand this step as a means of exerting pressure on Google- doesn't this ultimately weaken the security of devices with GrapheneOS too?
(And I personally have always liked the fact that GrapheneOS has altruistically improved the security of all other Android users as well by reporting security vulnerabilities...)