What do people even do in there ?

In France some banks illegally force users to use the banking application to approve online transactions as a security feature.

They could implement OTP as an alternative but they don't because they are lazy.

Time to get downvoted to oblivion.

I see a lot of people questioning why Google would do this and the answer is pretty simple.

Google created a tool a long, long time ago which was meant to make sure traffic from a device was "legit". This tool is 100% optional and app developers can use it if they would like. However, the tool was easy to bypass, so over the years Google has been making the tool harder and harder to bypass.

This article is just sharing news that Google is once again making this tool harder to bypass.

So why is Google doing this? They are doing this because they don't want their tool to be bypassable. Their tool is worthless if it can be bypassed.

The tool in question here is the Play Integrity API (previously known as the SafetyNet Attestation API). This is a tool that is offered to app developers that app developers can take advantage of if they want. The selling point of the tool is if you have operation in your app that is critical, you can try to prevent some abuse by verifying that the app is running on a "trusted build of Android" and that the app itself has not been modified from the original. That's all the tool does.

This isn't a new API. This isn't something Google is trying to force app developers to use. No. From Google's point of view, they are just making sure their tool does it's job properly.

As for why companies might choose to use this tool, a big reason is because Android is a huge target for fraud. Apple has locked all their stuff down so it is much harder to commit fraud on iOS (not impossible though). Although Apple offers something similar, there is generally less fraud coming from iOS devices vs Android. It's the double-edged sword of having a more open platform.

Companies are obviously not going to be happy to be the target of fraud so they have to weigh their options. Either they block a small percentage of their users that are possibly legit by implementing Play Integrity API or they risk losing a % of their income to fraud.

Now you can disagree with the tool's job, I'm not trying to argue whether the tool is good or bad. That is extremely subjective, but hopefully this answers why Google is making this change.

Wasn't this on Pixels already?

Troja has been impossible to conquer. Until.

The reason I felt forced to iOS. No more choice. No more GrapheneOS or CalyxOS for me.
Or at least that would make my life very difficult. National ID authentication, banking apps had stopped working.

GG Google. Destroy what made Android.

Yeah except that bot farms already use hardware that will pass the checks, unlike regular harmless users who will get hurt by this. Google comes after the good guys

RIP banking apps and Mc Donalds on GrapheneOS

This has nothing to do with FOSS, of which plenty exists on iOS

I have yet to see a FOSS ROM for IOS devices. Or like any FOSS app I use, like Etar, a free version of Sncthing, a Retroarch with at least the same functionality as on android, a browser that dosent use WebKit, and a terminal emulator or at least a free fully featured vim app that can access my full storage.

Also, they can't break Costum ROMs, since AOSP is Open Source.

Also, since none of my devices can run AltStore in order to validate side loaded stuff every 14 days, I have to get everything from the App Store, since AltStore is kinda dead

And also I want to develope my own apps, but I neither have an Apple Desktop, noir do I have 99€ a year to pay for Apples Private key.

TL;DR: Even with Gservices, Android is still just better then iOS since you can just Root it and disable tracking stuff (or not root it and just disable the tracking apps but not Gservices)

Which ones? I've been on Boursorama, CA and SG, and they all provide SMS 2FA if you don't want to use the app.

It depends which local branch. CA and the Caisse d'Epargne lied to me about it. BoursoBank is good though.

I have zero problems with this on Lineage. ?? No spoofing either, just Lineage.

on devices running Android 13 or later.

Sounds easy then: stay on the latest Lineage that does not incorporate A13.

This isn't viable. You can't run an older android version than a device ships with and eventually older hardware will become obsolete enough that it won't be able to connect to current gen mobile networks.

For now, sure, you can run android 12 on an older device and bypass integrity easily, but sooner or later that won't be viable.

Stares at rooted A13+ phone passing 2/3 integrity checks

It's possible, but it's annoying.

Those are the wrong integrity checks

No, they're absolutely not. Check out tricky store and play integrity fork to see how we're faking a trusted environment on custom and rooted roms. You can pass new device integrity with a valid unrevoked keybox on A13+ and new strong on <A12.

It's a new stage in the arms race for sure but it's still possible to bypass until all of the keys used to sign keyboxes are revoked.