Pro key unlock app is unavailable

Kaziq

Hi everyone. I'm new to GrapheneOS. Installed it just a week ago on Pixel 9. I have used only rooted Android devices before.

I'm having problem with one paid app, which worked perfectly fine on all my previous phones, but it doesn't on GOS.
The app is Sound Profile. It is protected with a companion pro key app. If the companion app is not installed, it's in trial mode.
I can install the base app without a problem, but the companion app is unavailable in Google Play Store. I was able to install it from Aurora Store, but the base app says it cannot use it unless it's installed from Google Play Store.

I've had a long discussion with the author of the app, sent him links to the GOS Attestation Compatibility Guide and Google Store listing visibility guide, but he insists it's Google's fault, because he is using the Googles protection against unauthorised distributions, and Google requires my system to pass all integrity checks to make the app available to me. He sent me this page: https://support.google.com/googleplay/android-developer/answer/10183279 and said he is unable to set which checks the phone must pass for the app to be available, it's Google's decision.

I'm not well-versed in Android development at all, so I don't know whether it's really Google's fault (or GOS'), or the developer is mistaken and he is able to do something while still keeping the anti-piracy feature enabled.
Or perhaps I can do something to make the app linked with Google Play despite the fact that it's unavailable for me there. Any ideas?

I'm confused with this, because precisely all other paid apps work just fine with GOS, and amongst them there is one that has a separate unlock key companion app.

patienttruth99

Kaziq I have at least one paid app that won't allow itself to be run if not installed from play store, but does work on GrapheneOS. (I tried to install it in my work profile with shelter instead of play store and it wouldn't launch).

There must be something about how it's listed, and what it's compatible with that's making it not show up for you. I also don't know much about the development end of things, but it doesn't seem to loose all the anti-piracy protection.

de0u

Kaziq I'm not well-versed in Android development at all, so I don't know whether it's really Google's fault (or GOS'), or the developer is mistaken and he is able to do something while still keeping the anti-piracy feature enabled.

The app developer doesn't control how Google's "anti-piracy" feature works. But the choice of whether to use Google's feature, and whether to base the app on different attestation code including GrapheneOS, is 100% his. Other apps have done it!

Meanwhile, it sounds as if you're a paying customer, in which case his "anti-piracy" choices are working out to be anti-customer in your case.

other8026

Kaziq he insists it's Google's fault

Kaziq I don't know whether it's really Google's fault (or GOS'), or the developer is mistaken and he is able to do something while still keeping the anti-piracy feature enabled.

It's complicated, but I'd say it's Google's fault. The Automatic Protection and Play Integrity "security" features are really checking two things: was the app installed using Google Play, and is the OS certified by Google where one of the requirements is GMS apps should be preinstalled and have privileged access. They're anti-competitive features that Google is passing off as "security" features.

Developers who really care about security would probably prefer their apps are running on a secure OS, like GrapheneOS, not some very insecure out of date OS on an insecure out of date device.

Kaziq Any ideas?

I'm not sure of how it all appears in the developer console, but they can disable Automatic Protection. Not sure, but they may also need to turn off integrity checks (do the opposite of this). To use the paid version of the app, the app will check Google Play for a valid license. They can at least know that the app was installed with Google Play in that case (since if it's not installed with Google Play it's not going to be licensed). It's my understanding that the license responses cannot be spoofed because they're cryptographically signed by Google.

In other words, Automatic Protection's only real purpose is to force users to install apps with Google Play, but that's required anyway to use the paid app. They get no real benefit from Automatic Protection.

Integrity checks are another way to restrict apps from running on devices not certified by Google. If you've paid, and the app verifies it's licensed, why do they care which OS it's on?

Kaziq

Thank you all for the responses. The argument that the key app checking license status with Google is protection enough seems reasonable. I will try to use it.