Viewpoint0232 It's better to try and get Play Integrity regulated out of existence now than to find ourselves in a situation in a few years where only FOSS apps will still work.

Of course. Never said it wasn't. I was just addressing the banking and contactless payments. Hopefully the action against Google can give them the appropriate slap needed to make them behave (and maybe even give GrapheneOS actual certification finally).

Shall we call it "an action to get in contact/cooperation with Google"?

[deleted] Maybe one day OpenHarmony will be better than Android and other smartphones will be better than Google Pixels.

Let's see the strategy of Google and how it goes. As of now my banking app doesn't need Google and has no problems with GrapheneOS features like Memory tagging, so I am still fine.

    • [deleted]

    lambd Maybe one day OpenHarmony will be better than Android and other smartphones will be better than Google Pixels

    OpenHarmony like in Chinese OS? I wouldn't trust them more than Google.

      [deleted]
      OpenHarmony is open source with the permissive Apache license. There's no need to stir things up against them. If the code, for whatever reason, has bad stuff in it, the code can be modified accordingly. Having said that, I doubt that OpenHarmony will be good for GrapheneOS any time soon, if ever at all.

        • [deleted]

        Dumdum I stand corrected, good Sir.

        I sent this email to ec-dma@ec.europea.eu

        You might have heard or received emails about how Google Play Integrity is an anti-competitive, monopolistic product that is clearly against the intentions of the Digital Markets Act.

        One example for a news article talking about the issue: https://arstechnica.com/gadgets/2024/07/loss-of-popular-2fa-tool-puts-security-minded-grapheneos-in-a-paradox/

        In short, Google will only certify "OEM" Android versions, pretending it's for "safety". The reality is a different one: actually safe systems, such as the aforementioned GrapheneOS, are excluded from getting Play Integrity approval, while ancient OEM Android versions as old as Android 5 (hasn't received any security updates in 8 years) are approved. So clearly, this is not about security and it's just a thinly veiled excuse to exclude Android-based open source operating systems such as GrapheneOS or LineageOS from being viable competitors, as suddenly lots of apps refuse to work due to the lack of a Google stamp of approval, and this is not just limited to banking apps.

        This keeps alive the duopoly of iOS and Google Android (which is forced to have various Google apps preinstalled in order to pass Play Integrity) and artificially harms open source or de-googled competitors without any technical or security-related arguments to do so. It also means that European operating systems such as /e/ (https://e.foundation/) and iodeOS (https://iode.tech/) are disadvantaged due to Google's anti-competitive behaviour.

        So I would please ask you to hear out the arguments the GrapheneOS developers (and I hear also the microG developers) are bringing forth and not to be afraid of taking action against Google.

        This was just written in 5 minutes so probably far from perfect but I would encourage others to chime in and let the European Commission know what you think.

        It would be interesting if some actors will share the real reason why some apps decide to use Play Integrity API.

        Are they bound by the terms of their contract or are they being actively encouraged to add it when they are partners with Google...

        I'll just wait and see what happens.
        Then I'll decide how to proceed.
        Because it's often the same as always:
        Firstly, things turn out differently and secondly, not as you think

          • [deleted]

          zzz

          That was the most reading I've done on Mastodon in a long while, thanks for posting this.

          Stephan-P We've already previously been in contact with the EU Commission. They're not empty words and we don't expect they'll change their stance towards us on their own.

          This is amazing from GrapheneOS.

          Is there any way for me to directly support the legal action against Google?

            Dumdum Unfortunately, my banks have their check deposit function solely in their apps (i.e., can't do it from their web page). Neither of my banks have local branches.

            Murcielago Even if I can understand this step as a means of exerting pressure on Google - doesn't this ultimately weaken the security of devices with GrapheneOS too?

            Not necessarily. They can still patch security vulnerabilities in GOS without reporting them to be patched in AOSP.

            3 months later

            I read about this recent ruling in the US:

            Epic Games - the company behind the wildly successful multiplayer game Fortnite - has been chasing Google and Apple through the courts [...] for years, and last December, they prevailed in their case against Google.

            This week's court ruling is the next step in that victory. Having concluded that Google illegally acquired and maintained a monopoly over apps for Android, the court had to decide what to do about it. [...]

            For the next three years, Google must meet the following criteria:

            • Allow third-party app stores for Android, and let those app stores distribute all the same apps as are available in Google Play (app developers can opt out of this);

            • Distribute third-party app stores as apps, so users can switch app stores by downloading a new one from Google Play, in just the same way as they'd install any app; [...]

            https://www.eff.org/deeplinks/2024/10/court-orders-google-monopolist-knock-it-monopoly-stuff

            Does anyone know - will this positively impact the Play Integrity API issues discussed in this thread?

              zzz I don't think anyone knows as of yet. It's not even certain that this ruling will prevail. It might as well be overruled since they have Apple as a precedent (also mentioned in that article). Google in theory would only need to allow the devs to offer their apps on different stores. These devs already decide by themselves if they want to use the PI-API. If they want to continue using the Play Store and nothing else, this will most likely change nothing about it.
              The same situation can be seen with Apple's sideloading feature that barely anyone uses. We see nothing of the promised "revolution" that was to come for EU citizens. A big nothingburger.