Let's hope the result of this action (cry for attention) is a swift acceptance by Google of GrapheneOS being a worthy, trusted and legitimate Android partner.
And maybe we could even get Google Wallet/Pay contactless payments (if one so desires).

Authy aside, to me there appears to be a trend in more (banking) apps simply relying upon Google Playstore attestation for general functionality AND/OR Google Wallet/Pay for contactless payments. It's important that GrapheneOS crosses this bridge.

    Great news, thank you so much for your commitment!

    And that there seem to be around 200-250k GrapheneOS users is also awsome news!

    As with how they handle giving out partner access, the Play Integrity API serves the interests of Google's business model. They have no valid excuse for not allowing GrapheneOS to pass device and strong integrity. If app developers want to ban it, they can still do it themselves.

    source: https://grapheneos.social/@GrapheneOS/112878078828297123

    @GrapheneOS
    If you can prove that Play Integrity API serves Google's business interests, it would probably not be the worst idea (if you don't have this on your radar anyway) to (also) seek proceedings in the EU with regard to the Digital Markets Act (DMA) as EU has designated Alphabet as one of six gatekeepers. The core platform services designated by the EU also include Google Play and Android Mobile.

    Some notable fines could be imposed in the event of infringements – hopefully this could give you some leverage.

    We continued reporting vulnerabilities upstream. However, we're going to stop reporting most vulnerabilities until GrapheneOS is no longer blocked by the Play Integrity API.

    source: https://grapheneos.social/@GrapheneOS/112878079604085329

    Even if I can understand this step as a means of exerting pressure on Google- doesn't this ultimately weaken the security of devices with GrapheneOS too?

    (And I personally have always liked the fact that GrapheneOS has altruistically improved the security of all other Android users as well by reporting security vulnerabilities...)

      That's amazing. Good to see some pushback against these monopolistic practices.

      • [deleted]

      Let's say Graphene would become unusable for certain apps like banking and contactless payment. Would it then be better to switch to an iPhone or use regular Android and admit defeat against Google?

        Well, that's running ahead quite fast, isn't it? The call to Google has only just been made.
        As things develop (or not) each can make their own decision whether to move in one diection or another, or continue using GOS with its benefits and possibilities.

        [deleted] unusable for certain apps like banking and contactless payment.

        I mean, banking can be done through browsers as long as you aren't using an app-only bank (e.g. Monzo), and contactless payment isn't something I would deem as essential enough to leave GrapheneOS. Besides, as far as I'm aware contactless payments work, its just Google Pay that doesn't. Banks can provide contactless payments themselves and it should work.

          Dumdum

          It's only going to get worse though. I even heard the McDonald's app of all things is requiring Play integrity...

          It's best to try and get Play Integrity regulated out of existence now than finding ourselves in a situation in a few years where only FOSS apps will still work.

            • [deleted]

            Dumdum That sounds good enough for me

            Viewpoint0232 It's best to try and get Play Integrity regulated out of existence now than finding ourselves in a situation in a few years where only FOSS apps will still work.

            Of course. Never said it wasn't. I was just addressing the banking and contactless payments. Hopefully the action against Google can give them the appropriate slap needed to make them behave (and maybe even give GrapheneOS actual certification finally).

            Shall we call it "an action to get in contact/cooperation with Google"?

            [deleted] Maybe one day OpenHarmony will be better than Android and other smartphones will be better than Google Pixels.

            Let's see the strategy of Google and how it goes. As of now my banking app doesn't need Google and has no problems with GrapheneOS features like Memory tagging, so I am still fine.

              • [deleted]

              lambd Maybe one day OpenHarmony will be better than Android and other smartphones will be better than Google Pixels

              OpenHarmony like in chinese OS? I wouldn't trust them more than Google.

                [deleted]
                OpenHarmony is open source with the permissive Apache license. There's no need to stir things up against them. If the code, for whatever reason, has bad stuff in it, the code can be modified accordingly. Having said that, I doubt that OpenHarmony will be good for GrapheneOS any time soon, if ever at all.

                  • [deleted]

                  Dumdum I stand corrected good Sir.

                  I sent this email to ec-dma@ec.europea.eu

                  You might have heard or received emails about the how Google Play Integrity is an anti-competitive, monopolistic product that is clearly against the intentions of the Digital Markets Act.

                  One example for a news article talking about the issue: https://arstechnica.com/gadgets/2024/07/loss-of-popular-2fa-tool-puts-security-minded-grapheneos-in-a-paradox/

                  In short, Google will only certify "OEM" Android versions, pretending it's for "safety". The reality is a different one: actually safe systems, such as the aforementioned GrapheneOS, are excluded from getting Play Integrity approval, while ancient OEM Android versions as old as Android 5 (hasn't received any security updates in 8 years) are approved. So clearly, this is not about security and it's just a thinly veiled excuse to exclude Android-based open source operating systems from such as GrapheneOS or LineageOS from being viable competitors as suddenly lots of apps refuse to work due to the lack of a Google stamp of approval, and this is not just limited to banking apps.

                  This keeps alive the duopoly of iOS and Google Android (which is forced to have various Google apps preinstalled in order to pass Play Integrity) and artificially harms open source or de-googled competitors without any technical or security-related arguments to do so. It also means that European operating systems such as /e/ (https://e.foundation/) and iodeOS (https://iode.tech/) are disadvantaged due to Google's anti-competitive behaviour.

                  So I would please ask you to hear out the arguments the GrapheneOS developers (and I hear also the microG developers) are bringing forth and not to be afraid of taking action against Google.

                  This was just written in 5 minutes so probably far from perfect but I would encourage others to chime in and let the European Commission know what you think.

                  It would be interesting if some actors will share the real reason why some apps decide to use Play Integrity API.

                  Are they bound by the terms of their contract or are they being actively encouraged to add it when they are partner with Google...

                  I'll just wait and see what happens.
                  Then I'll decide how to proceed.
                  Because it's often the same as always:
                  Firstly, things turn out differently and secondly, not as you think

                    • [deleted]

                    zzz

                    That was the most reading I've done on Mastodon in a long while, thanks for posting this.

                    Stephan-P We've already previously been in contact with the EU Commission. They're not empty words and we don't expect they'll change their stance towards us on their own.