Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
-
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
@nixCraft just made this meme after seeing this
> The iOS comparison is revealing because Apple devices running iOS 16.4 or later complete the same verification without installing any additional apps. Google didn’t demand iPhone users install Google software to pass the test. Only Android users who refuse Play Services get locked out. The asymmetry reveals what this is really about: not security, but ecosystem control.
-
@nixCraft So you can't use Amazon Fire tables either?
That can be fun, lets see what Amazon does against this
-
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
@nixCraft then let's get rid of Android Phones and live to linux ones. If only oss contributors moved to linux mobiles and started to provide mobile apps for linux on mobiles it would change the world... ONG and public EU administrations would move, mobile constructors to avoid loosing critical customers would provide at least some phones with linux and Google would step back in the end.
-
According to the article you just don't have to have the Google Play Services on iPhone. Google only demands them for Android phones.
Tbh this feels like they're just trying to do a malicious compliance thing with the #DMA. They got slapped so they're trying the next thing...
-
@nixCraft then let's get rid of Android Phones and live to linux ones. If only oss contributors moved to linux mobiles and started to provide mobile apps for linux on mobiles it would change the world... ONG and public EU administrations would move, mobile constructors to avoid loosing critical customers would provide at least some phones with linux and Google would step back in the end.
-
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
@nixCraft can you spoof it with an updated browser agent string?
-
@nixCraft just finished reading it XD
Yes as the article said it. This is control over android, and probably degoogle phones will find a fix but it will force them to do suspicious things. -
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
@nixCraft Of course governments are ignoring Google's shenanigans, Google spends a lot of money on them.
-
-
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
@nixCraft If it doesn't work, pressure the website owners and bring down the captcha monopol.
Edit: It probably violates accessiblity requirements as well...
-
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
@nixCraft when will the new captcha be in production ?
-
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
Google slogan: Be REALLY Evil
-
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
@nixCraft so I guess there will be some website that I will not be visiting then.
Too bad for them.. -
R relay@relay.infosec.exchange shared this topic
-
@nixCraft then let's get rid of Android Phones and live to linux ones. If only oss contributors moved to linux mobiles and started to provide mobile apps for linux on mobiles it would change the world... ONG and public EU administrations would move, mobile constructors to avoid loosing critical customers would provide at least some phones with linux and Google would step back in the end.
Linux is a terrible option for general security, which is especially important for a device as personal as your phone. Nothing is encrypted and Flatpak's sandboxing is worse than Android 4.4 and grants broad permissions by default.
-
@nixCraft when will the new captcha be in production ?
-
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
@nixCraft The funniest part is that a lot of apps use Google libraries (which means most "degoogled" setups aren't actually degoogled) which can act like a copy of Play Services themselves, so those apps could be a viable option for verification if Google insists on an app, but Google's gotta have that invasive Play Services access, right?
edit: Blog post because the article above doesn't cite its sources:
Introducing Google Cloud Fraud Defense, the next evolution of reCAPTCHA | Google Cloud Blog
Today at Next ‘26, we’re launching Google Cloud Fraud Defense, the trust platform for the agentic web and the next evolution of reCAPTCHA.
Google Cloud Blog (cloud.google.com)
-
Google Broke reCAPTCHA for De-Googled Android Users https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users
Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them. Another day another Google take over the world, open web and mobile ecosystems. This battle seems to be lost already because governments are ignoring shenanigans of Google.
@nixCraft So, when you see the QR on your laptop, you'll need to scan it with your phone? I guess, this should reveal who (Google account) is trying to open the site.
-
@asterisk @nixCraft Linux is not terrible at all if setup properly. A linux with a decent Apparmor setup is really good for security.
Flatpak is a shame and Android too: It lets Whatsapp and LinkedIn apps slurp all the contacts without even blinking. All Android sandboxing currently just suck.
Only things like island work a little to isolate rogue apps. And nothing protect users from Google on Android. -
@asterisk @nixCraft Linux is not terrible at all if setup properly. A linux with a decent Apparmor setup is really good for security.
Flatpak is a shame and Android too: It lets Whatsapp and LinkedIn apps slurp all the contacts without even blinking. All Android sandboxing currently just suck.
Only things like island work a little to isolate rogue apps. And nothing protect users from Google on Android.@maat @nixCraft AppArmor and SELinux aren't really comparable to Android's ssndboxing model, which also handles app signing and certificate pinning.
Android's sandbox does not suck (bold of you to say when most Flatpaks can escape the sandbox by editing your .bashrc), Google just requires OEMs to bypass it for Play Services to obtain CTS certification (required to use the Android trademark). Alternate Android-based OSes are very secure (as long as they keep up with security patches, /e and iode do not). GrapheneOS's sandbox for it resolves this issue, letting you use it for apps that need it without security compromises.
A lot of Android's security also comes from verified boot (OS image is read-only and signed, bootloader checks the hash against the one burned in at manufacture or stored in the secure enclave at boot to ensure nothing is compromised) and a hardware secure enclave (which is not a TPM chip, its better)
edit: contact scopes (which GrapheneOS has had for ages) are coming in Android 17 to fix that issue.
-
@nixCraft So you can't use Amazon Fire tables either?
That can be fun, lets see what Amazon does against this
@agowa338@chaos.social @nixCraft@mastodon.social amazon dropped fiteos already.
