Google Play’s latest security change may break many Android apps for some power users. The Play Integrity API uses hardware-backed signals that are trickier for rooted devices and custom ROMs to pass.
Technology
75
Beiträge
46
Kommentatoren
10
Aufrufe
-
EU Antitrust when?
Nothing anti-trust about genuine un-rooted and un-modified devices having secure access to the play store.
It's when you lock out phones that come from Huawei/Oppo etc. because they are Chinese, that you might be able to make a point. -
Many devices, including Google's own Pixel devices have user-unlockable bootloaders. No security vulnerabilities are involved in the process of gaining root access or installing a third-party Android distribution on those devices.
What's going on here isn't patching a vulnerability, but tightening remote attestation, a means by which a device can prove to a third party app that it is not modified. They're selling it as "integrity" or proof that a device is "genuine", but I see it as an invasion of user privacy.
Google can’t exactly make root access and custom ROMs easier to use in 2025.
Sure they can. They're in a much stronger position to dictate terms to app developers than they were in 2010 when it was not yet clear there would be an Android/iOS duopoly.
They don't want to though, because their remote attestation scheme means they can force OEMs to only bundle Google-approved Android builds that steer people to use Google services that make money for Google, and charge those OEMs licensing fees. A phone that doesn't pass attestation isn't commercially viable because enough important apps (often banking apps) use it.
Unlocked bootloader ≠ Root access.
-
Unlocked bootloader ≠ Root access.
Correct, but it is necessary to unlock the bootloader to gain root access without exploits.
-
Bit hyperbolic, don't you think? Rooted/Custom ROM users are so tiny, and they typically use security vulnerabilities to obtain root access. It's not exactly surprising that Google closes those vulnerabilities when it can.
Google can't exactly make root access and custom ROMs easier to use in 2025. It isn't 2010 anymore - as soon as rooting becomes easy again, and people are bypassing security measures you know the big orgs, copyright holders and children's apps will complain to the media and suddenly Google has a shitstorm to deal with.
Just wait until they find another vulnerability, lol.
The fuck did you just call me? Ill have you know im actually HUGE
-
This trend of being actively hostile toward your user base is so confusing to me.
That´s standard enshittification. They know they´ve got users locked in without any alternative.
-
This post did not contain any content.
Seriously, what is wrong with Google?
-
Seriously, what is wrong with Google?
Too big and entrenched
-
Bit hyperbolic, don't you think? Rooted/Custom ROM users are so tiny, and they typically use security vulnerabilities to obtain root access. It's not exactly surprising that Google closes those vulnerabilities when it can.
Google can't exactly make root access and custom ROMs easier to use in 2025. It isn't 2010 anymore - as soon as rooting becomes easy again, and people are bypassing security measures you know the big orgs, copyright holders and children's apps will complain to the media and suddenly Google has a shitstorm to deal with.
Just wait until they find another vulnerability, lol.
Many people use LineageOS and GraphineOS for security, privacy, and features that base Android simply doesn't ship.
-
Nothing anti-trust about genuine un-rooted and un-modified devices having secure access to the play store.
It's when you lock out phones that come from Huawei/Oppo etc. because they are Chinese, that you might be able to make a point.It absolutely is, forcing people to use one OS on their device is insane. Fuck Google, they can take my GraphineOS Pixel 9 from my cold dead hands.
-
This seems like it'll break things like revanced, which honestly makes me sad mostly for Duolingo
Really hope folks find a way of spoofing this too. I'm hoping to switch to a custom ROM in the future and this doesn't bode super well
At this point I'm leaving a paper trail in my comments. Sigh, I'll keep it short and sweet.
If you're using ReVanced to hack and get through Duolingo, then I think you should just drop the service. There are countless free resources out there that do a better job, and aren't predatory or make you hate learning. Duolingo is good for beginners and about a month or two of learning. Please let that app go, especially since the CEO thinks AI is a suitable replacement for the education system...
-
Nothing anti-trust about genuine un-rooted and un-modified devices having secure access to the play store.
It's when you lock out phones that come from Huawei/Oppo etc. because they are Chinese, that you might be able to make a point.Google using market power to push "trust" technology bound to their Play Services (which is one of the requirements for their "Android" certificate).
-
can confirm, I'm running GrapheneOS right now with F-Droid and some extra repos as my only app store, it works fine for me. but I don't use banking apps (web browsers do fine for that), and I'm using a de-Firebase-d version of Signal (Molly F-Droid) so no issues so far with no GMS and no SafetyNet.
edit: I should add that a new GrapheneOS update just released, this is in the release notes:
- disable anti-competitive code being injected by the Play Store into apps choosing to enable "App integrity > Automatic protection" when there's a valid Play Store source stamp signature (proving that it's an unmodified app from the Play Store, so we aren't disabling an integrity check) since it prevents using the apps on GrapheneOS when apps also choose to enable "App integrity > Store listing visibility" with either the "Device integrity checks" or "Strong integrity checks" values enforcing having a device licensing Google Mobile Services and running the stock OS (circumventing this is protected by the DMCA exemption for jailbreaking)
so it looks like the devs are actively working around this issue and making changes to allow those checks to pass even without the ROM licensing GMS.
The guys over at GrapheneOS removedslap Google regularly, and I love it.
-
This post did not contain any content.
Deleted
-
This post did not contain any content.
If they break custom roms my next phone will have iOS, not stock Android on it.
-
I've always been of the opinion that apps are almost always useless because there is usually a way to do it through a web browser and if there isn't I don't need it. And its usually better because then I have more control (in firefox anyway).
For example the youtube app is entirely unuseable but if I open firefox and use ublock and no script then suddenly I can actually use the website.
Deleted
-
Their goal is to ensure OEMs only bundle Google-approved Android for which Google charges licensing fees and which funnels users into Google services. If a phone won't run your banking app, you probably won't buy it.
Deleted
-
Already does. Some apps just don't work. It'll notif. And say Google api failed to validate login to your Google account. Example app
EBay.Deleted
-
Deleted
No idea but that is one I know about. Apparently the list keeps growing of these API calls being denied or flagged.
-
If they break custom roms my next phone will have iOS, not stock Android on it.
So instead of completely using FOSS softwareonly, you just give in to the corps?
-
Interesting. If I just don't use any apps from the play store and only use stuff from fdroid with no play services I should see no issues though yeah?
Long as you beware that F droid apps could be malware or some other kind of bad actors. It's a free range marketplace just be smart. Just because something is FOSS or open source doesn't mean it's free of bad stuff.
