Some things have to be activated manually or everything is automatic

    I've got DeepL sending me a notification to tell me that it's using the Play Integrity APIs. What would be the best practice in this kind of case?
    https://postimg.cc/bDF4Xcjp

      Stewart The new workarounds for apps banning GrapheneOS are always enabled. No need to enable them. There's a new Play Integrity API notification which tells you when apps use it. Apps can use it without using the result to ban using a non-stock OS so it doesn't imply anything is going to be broken when the notification is shown. There's a new per-app menu for configuring the Play Integrity API linked from that notification with the option to block it in case the service allows using it without giving a Play Integrity API result. Most services will require giving a result, but a small number of apps will likely become usable via blocking it based on the service not enforcing providing a result.

        Stewart If it works fine, you can simply hide the notification. It means there's a high chance the app is going to ban using a non-stock OS in the future. If it works fine right now, it likely means they're only enforcing basic integrity rather than Google certification via device/strong integrity.

          Top thanks for the explanations, as usual, well done to the GOS team for this update.

          Just installed on my Pixel 8a. All is running fine untill now

          GrapheneOS
          Dang.... Thank You Guys!

          It warms the heart to see your attention to hardened_malloc/libdivide and Sandboxed Google Play.

            Just installed this build from alpha-channel on P8 and toggling exploit protection compatibility mode doesn't work in private space for any app.

              Berlino Just installed this build from alpha-channel on P8 and toggling exploit protection compatibility mode doesn't work in private space for any app.

              Can't reproduce on a 6a. Could you describe what you mean by "not working"? Such as, does "not working" mean that the toggle doesn't toggle, or that something crashes…?

                  fid02
                  When toggling the compatibility mode, a dialog pops up for cancellation or proceeding. Hitting proceed doesn't toggle to 'on'-position. This only hapoens in Private Space for me.

                      Are there any plans in a future update to display the list of apps using the Play Integrity API in the settings, as in app exploit protection for example?

                        Stewart there is a list available. click the notification, I was able to find a list of apps that ever used Play Integrity.

                          Whatsapp uses Play Integrity but works when blocking it.

                          Does blocking Play Integrity protect privacy in any way? Like does it reveal some private information otherwise?

                            missing-root No, it doesn't protect privacy in any way. The reason we added a toggle to block it is because some apps send a result to a service and disallow having a non-stock OS but they work fine if it's unavailable such as due to a networking issue and doesn't provide any result. Blocking it resembles what would happen if it couldn't connect to Google's service due to a network issue.

                                Berlino It's a regression that's being addressed by the next release. This release wasn't moved to Beta because of it. You can work around by launching Settings from the Private Space. It only happens with Settings launched from Owner for apps in a work profile or Private Space.

                                  I like this one. because unfortunately it keeps bothering me...

                                  disable standard Android feature holding a 10 minute screen wake lock after the screen brightness is raised at least 2 times within 5 minutes since this is confusing for users and it's far better if keep awake is done explicitly

                                  Will this then be configurable?