Google Play’s latest security change may break many Android apps for some power users. The Play Integrity API uses hardware-backed signals that are trickier for rooted devices and custom ROMs to pass.
Technology
75
Beiträge
46
Kommentatoren
10
Aufrufe
-
Already does. Some apps just don't work. It'll notif. And say Google api failed to validate login to your Google account. Example app
EBay.Interesting. If I just don't use any apps from the play store and only use stuff from fdroid with no play services I should see no issues though yeah?
-
One of the reasons to always cheer on (new) competitors and why we should give new companies a fair chance to establish something
The problem is that systems like this have strong network effects working in favor of the established options, nobody develops for platforms without users, nobody wants to use a platform without apps, development has more resources (existing libraries, tutorials, reference documentation,...) on existing platforms,...
-
Google’s updated Play Integrity API
How can these people talk about "integrity" when they break real existing phones?
I call this the opposite of integrity.
Bit hyperbolic, don't you think? Rooted/Custom ROM users are so tiny, and they typically use security vulnerabilities to obtain root access. It's not exactly surprising that Google closes those vulnerabilities when it can.
Google can't exactly make root access and custom ROMs easier to use in 2025. It isn't 2010 anymore - as soon as rooting becomes easy again, and people are bypassing security measures you know the big orgs, copyright holders and children's apps will complain to the media and suddenly Google has a shitstorm to deal with.
Just wait until they find another vulnerability, lol.
-
Bit hyperbolic, don't you think? Rooted/Custom ROM users are so tiny, and they typically use security vulnerabilities to obtain root access. It's not exactly surprising that Google closes those vulnerabilities when it can.
Google can't exactly make root access and custom ROMs easier to use in 2025. It isn't 2010 anymore - as soon as rooting becomes easy again, and people are bypassing security measures you know the big orgs, copyright holders and children's apps will complain to the media and suddenly Google has a shitstorm to deal with.
Just wait until they find another vulnerability, lol.
Or is it rather your definition of security or vulnerability that is questionable.
-
This post did not contain any content.
Is there an alternative to Google Play, because I'm assuming it wouldn't matter as much if we had that.
-
Is there an alternative to Google Play, because I'm assuming it wouldn't matter as much if we had that.
It's about faking play integrity on devices without gapps.
-
Bit hyperbolic, don't you think? Rooted/Custom ROM users are so tiny, and they typically use security vulnerabilities to obtain root access. It's not exactly surprising that Google closes those vulnerabilities when it can.
Google can't exactly make root access and custom ROMs easier to use in 2025. It isn't 2010 anymore - as soon as rooting becomes easy again, and people are bypassing security measures you know the big orgs, copyright holders and children's apps will complain to the media and suddenly Google has a shitstorm to deal with.
Just wait until they find another vulnerability, lol.
Many devices, including Google's own Pixel devices have user-unlockable bootloaders. No security vulnerabilities are involved in the process of gaining root access or installing a third-party Android distribution on those devices.
What's going on here isn't patching a vulnerability, but tightening remote attestation, a means by which a device can prove to a third party app that it is not modified. They're selling it as "integrity" or proof that a device is "genuine", but I see it as an invasion of user privacy.
Google can’t exactly make root access and custom ROMs easier to use in 2025.
Sure they can. They're in a much stronger position to dictate terms to app developers than they were in 2010 when it was not yet clear there would be an Android/iOS duopoly.
They don't want to though, because their remote attestation scheme means they can force OEMs to only bundle Google-approved Android builds that steer people to use Google services that make money for Google, and charge those OEMs licensing fees. A phone that doesn't pass attestation isn't commercially viable because enough important apps (often banking apps) use it.
-
This post did not contain any content.
EU Antitrust when?
-
This trend of being actively hostile toward your user base is so confusing to me.
Their goal is to ensure OEMs only bundle Google-approved Android for which Google charges licensing fees and which funnels users into Google services. If a phone won't run your banking app, you probably won't buy it.
-
They project that they'll make more money by forcing people to accept surveillance so they can run their apps, even if they lose a few users and app developers by doing so.
I've always been of the opinion that apps are almost always useless because there is usually a way to do it through a web browser and if there isn't I don't need it. And its usually better because then I have more control (in firefox anyway).
For example the youtube app is entirely unuseable but if I open firefox and use ublock and no script then suddenly I can actually use the website.
-
Interesting. If I just don't use any apps from the play store and only use stuff from fdroid with no play services I should see no issues though yeah?
There's always a chance any app, even from fdroid, will require play services, but that's still highly unlikely. You should be fine with fdroid alone, yes.
-
This post did not contain any content.
Does this mean that Pirating Android games isn't gonna work very well in the future?
Welp, I guess I still have Unciv and pirated Ebooks to pass the time
️ -
This trend of being actively hostile toward your user base is so confusing to me.
Their user base is not who you think they are. The people you think are users are just assets, it's okay to be hostile to your assets
-
There's always a chance any app, even from fdroid, will require play services, but that's still highly unlikely. You should be fine with fdroid alone, yes.
can confirm, I'm running GrapheneOS right now with F-Droid and some extra repos as my only app store, it works fine for me. but I don't use banking apps (web browsers do fine for that), and I'm using a de-Firebase-d version of Signal (Molly F-Droid) so no issues so far with no GMS and no SafetyNet.
edit: I should add that a new GrapheneOS update just released, this is in the release notes:
- disable anti-competitive code being injected by the Play Store into apps choosing to enable "App integrity > Automatic protection" when there's a valid Play Store source stamp signature (proving that it's an unmodified app from the Play Store, so we aren't disabling an integrity check) since it prevents using the apps on GrapheneOS when apps also choose to enable "App integrity > Store listing visibility" with either the "Device integrity checks" or "Strong integrity checks" values enforcing having a device licensing Google Mobile Services and running the stock OS (circumventing this is protected by the DMCA exemption for jailbreaking)
so it looks like the devs are actively working around this issue and making changes to allow those checks to pass even without the ROM licensing GMS.
-
EU Antitrust when?
Nothing anti-trust about genuine un-rooted and un-modified devices having secure access to the play store.
It's when you lock out phones that come from Huawei/Oppo etc. because they are Chinese, that you might be able to make a point. -
Many devices, including Google's own Pixel devices have user-unlockable bootloaders. No security vulnerabilities are involved in the process of gaining root access or installing a third-party Android distribution on those devices.
What's going on here isn't patching a vulnerability, but tightening remote attestation, a means by which a device can prove to a third party app that it is not modified. They're selling it as "integrity" or proof that a device is "genuine", but I see it as an invasion of user privacy.
Google can’t exactly make root access and custom ROMs easier to use in 2025.
Sure they can. They're in a much stronger position to dictate terms to app developers than they were in 2010 when it was not yet clear there would be an Android/iOS duopoly.
They don't want to though, because their remote attestation scheme means they can force OEMs to only bundle Google-approved Android builds that steer people to use Google services that make money for Google, and charge those OEMs licensing fees. A phone that doesn't pass attestation isn't commercially viable because enough important apps (often banking apps) use it.
Unlocked bootloader ≠ Root access.
-
Unlocked bootloader ≠ Root access.
Correct, but it is necessary to unlock the bootloader to gain root access without exploits.
-
Bit hyperbolic, don't you think? Rooted/Custom ROM users are so tiny, and they typically use security vulnerabilities to obtain root access. It's not exactly surprising that Google closes those vulnerabilities when it can.
Google can't exactly make root access and custom ROMs easier to use in 2025. It isn't 2010 anymore - as soon as rooting becomes easy again, and people are bypassing security measures you know the big orgs, copyright holders and children's apps will complain to the media and suddenly Google has a shitstorm to deal with.
Just wait until they find another vulnerability, lol.
The fuck did you just call me? Ill have you know im actually HUGE
-
This trend of being actively hostile toward your user base is so confusing to me.
That´s standard enshittification. They know they´ve got users locked in without any alternative.
-
This post did not contain any content.
Seriously, what is wrong with Google?
