RRZishe

  • Joined Jun 30, 2023
  • עם ישראל חי! 🇮🇱🇮🇱🇮🇱

  • I sent this email to ec-dma@ec.europea.eu

    You might have heard or received emails about the how Google Play Integrity is an anti-competitive, monopolistic product that is clearly against the intentions of the Digital Markets Act.

    One example for a news article talking about the issue: https://arstechnica.com/gadgets/2024/07/loss-of-popular-2fa-tool-puts-security-minded-grapheneos-in-a-paradox/

    In short, Google will only certify "OEM" Android versions, pretending it's for "safety". The reality is a different one: actually safe systems, such as the aforementioned GrapheneOS, are excluded from getting Play Integrity approval, while ancient OEM Android versions as old as Android 5 (hasn't received any security updates in 8 years) are approved. So clearly, this is not about security and it's just a thinly veiled excuse to exclude Android-based open source operating systems from such as GrapheneOS or LineageOS from being viable competitors as suddenly lots of apps refuse to work due to the lack of a Google stamp of approval, and this is not just limited to banking apps.

    This keeps alive the duopoly of iOS and Google Android (which is forced to have various Google apps preinstalled in order to pass Play Integrity) and artificially harms open source or de-googled competitors without any technical or security-related arguments to do so. It also means that European operating systems such as /e/ (https://e.foundation/) and iodeOS (https://iode.tech/) are disadvantaged due to Google's anti-competitive behaviour.

    So I would please ask you to hear out the arguments the GrapheneOS developers (and I hear also the microG developers) are bringing forth and not to be afraid of taking action against Google.

    This was just written in 5 minutes so probably far from perfect but I would encourage others to chime in and let the European Commission know what you think.

  • Dumdum

    It's only going to get worse though. I even heard the McDonald's app of all things is requiring Play integrity...

    It's best to try and get Play Integrity regulated out of existence now than finding ourselves in a situation in a few years where only FOSS apps will still work.

    • There is no evidence that I know of that Proton is a honeypot. The times they gave user info to the authorities was when they were compelled to because of local laws and even then the info they were able to share was minimal.

      If someone wants to make claims otherwise, they need to provide evidence. Don't say "watch this documentary," because I don't have time to watch a documentary every time someone makes some claims here. People making big claims need to share links to a news article or trustworthy website to back up their claim.

      Unverified FUD / conspiracy theory, whatever claims will be removed. Repeatedly posting things like this will result in suspensions or bans.

      • [deleted]

      I see no evidence in your 'I feel like' claim. Also, what exactly makes you think that Proton is unreliable, while you use the iVPN logo as your profile image? Is it you trying to say that iVPN is far more trustable than Proton VPN?

    • Considering their track record I would say Proton is fine. Skepticism and intuition are valuable but only if you're also willing to follow it up with research and further understanding of what it is you're skeptical of.

    • I think that Proton is a reliable company, it seems quite obvious now. They just can't escape the law.

    • possible, but the same could be said for most vpns and digital security services. proton continues to pass independent audits. without any sort of evidence to subterfuge all there is is speculation, which doesn't do much good imo

      • I use this app for call duration (so i can bill my clients accordingly) I installed it using Aurora store. It reads the history and displays the duration per call. It does have some adds, but doesnt upload or analyse etc. You can even block network access, although it will slowdown startup time for the app considerably...

      • RRZishe Please excuse my ignorance, but how would I trigger this? How can I go into before first unlock stage?

        Turn the device off, or reboot it.

        If the auto-reboot option is on, the device will automatically reboot to BFU after being locked AFU for the indicated interval.

      • Lukas

        1. There aren't plans to do this exactly, but users will be able to filter for open-source apps if they want.

        2. Again, not exactly, but there will be indicators for when an app has ads, in-app purchases, a hard dependency on Play Services, etc.. There may also be something for data usage practices, but that isn't yet determined.

        • lberrymage I have a few questions.

          1. Will Accrescent allow to filter out proprietary apps? If yes, how it will make sure that there isn't any proprietary libraries in that app?

          2. Will there ever be something similar to F-Droid's Anti-Features?

          • AlphaElwedritsch Developer of Accrescent here. Yes, there are only a handful of apps available right now. The reason for this is that the recent focus hasn't been directed on getting more apps in the store, but instead on internal changes to allow Accrescent to include more features and scale to more users. It will be able to include more apps once more of those changes are implemented.

            • quick update. after several reinstall attempts, the app didn't prompt/remember my phone number and default sign-up with otp pin was working again. but the original error message persisted and multiple destination option was still not available. this was few days after my post and I left it at that.

              Installed latest version (4.529.10000), I no longer get the error message and multiple destination is now available for selection! guess the update fixed it.

              ps. not related to op's github issue but thought I'd provide an update.

            • The images that clarified the steps needed to fix this are no longer available. For anyone else struggling, first set the flag as described above. Then in regular Settings menu a choice named "Autofill Options" will be appear that has no icon. Tap on "Autofill Options" and you should see a toggle between "Default" and "Use other providers". Select "Use other providers" and restart Brave.

              • RRZishe I'm getting the same error, (presumably since latest update 4.528.10000) and after uninstalling/reinstalling, it seems to remember my login details as you mentioned. I downgraded to previous version 4.527.10000 to no avail.

                But my query relates to a missing functionality which is selecting multiple destinations (+ symbol). This could be directly correlated to the error message where it states certain app features maybe unavailable. Before I contact Uber support, I would like to know if others within the GOS community are facing similar issues.

                Thank you

              • RRZishe

                Regarding your problem with Github - that sounds like shadow banning. It happened to me once - I contacted their support and described my problem.

                If I remember correctly, the problem was solved quite quickly. They unbanned me and my issues were visible to others after a few days too.

              • RRZishe I never gave Uber access to my phone, contacts (only empty scopes)

                I have never used the Uber app. The documentation on the Play Store indicates it uses "Device or other IDs" and also "Personal info" including "Phone number".

                Since you have the app installed, can you report which API version it targets? Long-press on the app icon, choose "App info", then scroll to the bottom and report "targetSdk". This information is relevant because the GraphoneOS documentation I cited above on ANDROID_ID also indicates that in some cases deleting an app leaves data behind which a later reinstallation can access.

                Finally, if (as is plausible) the app is using ANDROID_ID, I think the way to reset that is to delete the profile (if it's a secondary user profile) or else factory-reset the device (if it's the owner profile).

                The Google Play page mentions fraud prevention. Uber may believe it's important for them to detect when the same person wants to create multiple accounts -- for example, if that is too easy then they can't really ban abusive users. So overall it may not be easy to get Uber to forget who has been using a device because they think it's important to their business for them to know when they can.