Google’s updated Play Integrity API

How can these people talk about "integrity" when they break real existing phones?

I call this the opposite of integrity.

This trend of being actively hostile toward your user base is so confusing to me.

This seems like it'll break things like revanced, which honestly makes me sad mostly for Duolingo

Really hope folks find a way of spoofing this too. I'm hoping to switch to a custom ROM in the future and this doesn't bode super well

on devices running Android 13 or later.

Sounds easy then: stay on the latest Lineage that does not incorporate A13.

While I wouldn’t say Google is actively hostile towards these power users,

Author is obviously sold out. Are they even trustable?

They project that they'll make more money by forcing people to accept surveillance so they can run their apps, even if they lose a few users and app developers by doing so.

One of the reasons to always cheer on (new) competitors and why we should give new companies a fair chance to establish something

I ain't clicking on an android authority article. Does anyone know if/how this would effect Graphene?

Already does. Some apps just don't work. It'll notif. And say Google api failed to validate login to your Google account. Example app
EBay.

Fuck Google Play

Interesting. If I just don't use any apps from the play store and only use stuff from fdroid with no play services I should see no issues though yeah?

The problem is that systems like this have strong network effects working in favor of the established options, nobody develops for platforms without users, nobody wants to use a platform without apps, development has more resources (existing libraries, tutorials, reference documentation,...) on existing platforms,...

Bit hyperbolic, don't you think? Rooted/Custom ROM users are so tiny, and they typically use security vulnerabilities to obtain root access. It's not exactly surprising that Google closes those vulnerabilities when it can.

Google can't exactly make root access and custom ROMs easier to use in 2025. It isn't 2010 anymore - as soon as rooting becomes easy again, and people are bypassing security measures you know the big orgs, copyright holders and children's apps will complain to the media and suddenly Google has a shitstorm to deal with.

Just wait until they find another vulnerability, lol.

Or is it rather your definition of security or vulnerability that is questionable.

Is there an alternative to Google Play, because I'm assuming it wouldn't matter as much if we had that.

It's about faking play integrity on devices without gapps.

Many devices, including Google's own Pixel devices have user-unlockable bootloaders. No security vulnerabilities are involved in the process of gaining root access or installing a third-party Android distribution on those devices.

What's going on here isn't patching a vulnerability, but tightening remote attestation, a means by which a device can prove to a third party app that it is not modified. They're selling it as "integrity" or proof that a device is "genuine", but I see it as an invasion of user privacy.

Google can’t exactly make root access and custom ROMs easier to use in 2025.

Sure they can. They're in a much stronger position to dictate terms to app developers than they were in 2010 when it was not yet clear there would be an Android/iOS duopoly.

They don't want to though, because their remote attestation scheme means they can force OEMs to only bundle Google-approved Android builds that steer people to use Google services that make money for Google, and charge those OEMs licensing fees. A phone that doesn't pass attestation isn't commercially viable because enough important apps (often banking apps) use it.

EU Antitrust when?

Their goal is to ensure OEMs only bundle Google-approved Android for which Google charges licensing fees and which funnels users into Google services. If a phone won't run your banking app, you probably won't buy it.

I've always been of the opinion that apps are almost always useless because there is usually a way to do it through a web browser and if there isn't I don't need it. And its usually better because then I have more control (in firefox anyway).

For example the youtube app is entirely unuseable but if I open firefox and use ublock and no script then suddenly I can actually use the website.