Well, that's running ahead quite fast, isn't it? The call to Google has only just been made.
As things develop (or not) each can make their own decision whether to move in one diection or another, or continue using GOS with its benefits and possibilities.
Action against Google
[deleted] unusable for certain apps like banking and contactless payment.
I mean, banking can be done through browsers as long as you aren't using an app-only bank (e.g. Monzo), and contactless payment isn't something I would deem as essential enough to leave GrapheneOS. Besides, as far as I'm aware contactless payments work, its just Google Pay that doesn't. Banks can provide contactless payments themselves and it should work.
It's only going to get worse though. I even heard the McDonald's app of all things is requiring Play integrity...
It's best to try and get Play Integrity regulated out of existence now than finding ourselves in a situation in a few years where only FOSS apps will still work.
[deleted]
Dumdum That sounds good enough for me
Viewpoint0232 It's best to try and get Play Integrity regulated out of existence now than finding ourselves in a situation in a few years where only FOSS apps will still work.
Of course. Never said it wasn't. I was just addressing the banking and contactless payments. Hopefully the action against Google can give them the appropriate slap needed to make them behave (and maybe even give GrapheneOS actual certification finally).
Shall we call it "an action to get in contact/cooperation with Google"?
[deleted] Maybe one day OpenHarmony will be better than Android and other smartphones will be better than Google Pixels.
Let's see the strategy of Google and how it goes. As of now my banking app doesn't need Google and has no problems with GrapheneOS features like Memory tagging, so I am still fine.
[deleted]
lambd Maybe one day OpenHarmony will be better than Android and other smartphones will be better than Google Pixels
OpenHarmony like in chinese OS? I wouldn't trust them more than Google.
[deleted]
OpenHarmony is open source with the permissive Apache license. There's no need to stir things up against them. If the code, for whatever reason, has bad stuff in it, the code can be modified accordingly. Having said that, I doubt that OpenHarmony will be good for GrapheneOS any time soon, if ever at all.
[deleted]
Dumdum I stand corrected good Sir.
I sent this email to ec-dma@ec.europea.eu
You might have heard or received emails about the how Google Play Integrity is an anti-competitive, monopolistic product that is clearly against the intentions of the Digital Markets Act.
One example for a news article talking about the issue: https://arstechnica.com/gadgets/2024/07/loss-of-popular-2fa-tool-puts-security-minded-grapheneos-in-a-paradox/
In short, Google will only certify "OEM" Android versions, pretending it's for "safety". The reality is a different one: actually safe systems, such as the aforementioned GrapheneOS, are excluded from getting Play Integrity approval, while ancient OEM Android versions as old as Android 5 (hasn't received any security updates in 8 years) are approved. So clearly, this is not about security and it's just a thinly veiled excuse to exclude Android-based open source operating systems from such as GrapheneOS or LineageOS from being viable competitors as suddenly lots of apps refuse to work due to the lack of a Google stamp of approval, and this is not just limited to banking apps.
This keeps alive the duopoly of iOS and Google Android (which is forced to have various Google apps preinstalled in order to pass Play Integrity) and artificially harms open source or de-googled competitors without any technical or security-related arguments to do so. It also means that European operating systems such as /e/ (https://e.foundation/) and iodeOS (https://iode.tech/) are disadvantaged due to Google's anti-competitive behaviour.
So I would please ask you to hear out the arguments the GrapheneOS developers (and I hear also the microG developers) are bringing forth and not to be afraid of taking action against Google.
This was just written in 5 minutes so probably far from perfect but I would encourage others to chime in and let the European Commission know what you think.
It would be interesting if some actors will share the real reason why some apps decide to use Play Integrity API.
Are they bound by the terms of their contract or are they being actively encouraged to add it when they are partner with Google...
I'll just wait and see what happens.
Then I'll decide how to proceed.
Because it's often the same as always:
Firstly, things turn out differently and secondly, not as you think
[deleted]
AlphaElwedritsch Wise words.
[deleted]
That was the most reading I've done on Mastodon in a long while, thanks for posting this.
Stephan-P We've already previously been in contact with the EU Commission. They're not empty words and we don't expect they'll change their stance towards us on their own.
This is amazing from GrapheneOS.
Is there any way for me to directly support the legal action against Google?
Dumdum Unfortunately, my banks have their check deposit function solely in their apps (i.e., can't do it from their web page). Neither of my banks have local branches.
- Edited
Murcielago Even if I can understand this step as a means of exerting pressure on Google- doesn't this ultimately weaken the security of devices with GrapheneOS too?
Not necessarily. They can still patch security vulnerabilities in GOS without reporting them to be patched in AOSP.