One of the reasons to always cheer on (new) competitors and why we should give new companies a fair chance to establish something

I ain't clicking on an android authority article. Does anyone know if/how this would effect Graphene?

Already does. Some apps just don't work. It'll notif. And say Google api failed to validate login to your Google account. Example app
EBay.

Fuck Google Play

Interesting. If I just don't use any apps from the play store and only use stuff from fdroid with no play services I should see no issues though yeah?

The problem is that systems like this have strong network effects working in favor of the established options, nobody develops for platforms without users, nobody wants to use a platform without apps, development has more resources (existing libraries, tutorials, reference documentation,...) on existing platforms,...

Bit hyperbolic, don't you think? Rooted/Custom ROM users are so tiny, and they typically use security vulnerabilities to obtain root access. It's not exactly surprising that Google closes those vulnerabilities when it can.

Google can't exactly make root access and custom ROMs easier to use in 2025. It isn't 2010 anymore - as soon as rooting becomes easy again, and people are bypassing security measures you know the big orgs, copyright holders and children's apps will complain to the media and suddenly Google has a shitstorm to deal with.

Just wait until they find another vulnerability, lol.

Or is it rather your definition of security or vulnerability that is questionable.

Is there an alternative to Google Play, because I'm assuming it wouldn't matter as much if we had that.

It's about faking play integrity on devices without gapps.

Many devices, including Google's own Pixel devices have user-unlockable bootloaders. No security vulnerabilities are involved in the process of gaining root access or installing a third-party Android distribution on those devices.

What's going on here isn't patching a vulnerability, but tightening remote attestation, a means by which a device can prove to a third party app that it is not modified. They're selling it as "integrity" or proof that a device is "genuine", but I see it as an invasion of user privacy.

Google can’t exactly make root access and custom ROMs easier to use in 2025.

Sure they can. They're in a much stronger position to dictate terms to app developers than they were in 2010 when it was not yet clear there would be an Android/iOS duopoly.

They don't want to though, because their remote attestation scheme means they can force OEMs to only bundle Google-approved Android builds that steer people to use Google services that make money for Google, and charge those OEMs licensing fees. A phone that doesn't pass attestation isn't commercially viable because enough important apps (often banking apps) use it.

EU Antitrust when?

Their goal is to ensure OEMs only bundle Google-approved Android for which Google charges licensing fees and which funnels users into Google services. If a phone won't run your banking app, you probably won't buy it.

I've always been of the opinion that apps are almost always useless because there is usually a way to do it through a web browser and if there isn't I don't need it. And its usually better because then I have more control (in firefox anyway).

For example the youtube app is entirely unuseable but if I open firefox and use ublock and no script then suddenly I can actually use the website.

There's always a chance any app, even from fdroid, will require play services, but that's still highly unlikely. You should be fine with fdroid alone, yes.

Does this mean that Pirating Android games isn't gonna work very well in the future?

Welp, I guess I still have Unciv and pirated Ebooks to pass the time ‍️

Their user base is not who you think they are. The people you think are users are just assets, it's okay to be hostile to your assets

can confirm, I'm running GrapheneOS right now with F-Droid and some extra repos as my only app store, it works fine for me. but I don't use banking apps (web browsers do fine for that), and I'm using a de-Firebase-d version of Signal (Molly F-Droid) so no issues so far with no GMS and no SafetyNet.

edit: I should add that a new GrapheneOS update just released, this is in the release notes:

• disable anti-competitive code being injected by the Play Store into apps choosing to enable "App integrity > Automatic protection" when there's a valid Play Store source stamp signature (proving that it's an unmodified app from the Play Store, so we aren't disabling an integrity check) since it prevents using the apps on GrapheneOS when apps also choose to enable "App integrity > Store listing visibility" with either the "Device integrity checks" or "Strong integrity checks" values enforcing having a device licensing Google Mobile Services and running the stock OS (circumventing this is protected by the DMCA exemption for jailbreaking)

so it looks like the devs are actively working around this issue and making changes to allow those checks to pass even without the ROM licensing GMS.

Nothing anti-trust about genuine un-rooted and un-modified devices having secure access to the play store.
It's when you lock out phones that come from Huawei/Oppo etc. because they are Chinese, that you might be able to make a point.

Unlocked bootloader ≠ Root access.