@volla has initiated the industry consortium #UnifiedAttestation for an open-source alternative to Google Play Integrity.
-
@danieldk @khw @vollaficationist @celeduc @GrapheneOS @guilg @EUCommission
germany is particularly nasty regarding anyone speaking out against genocide and 80 years of war crimes by Israel
staatsrason they call it
@rapsneezy
Germany is indeed very nasty regarding denying the Holocaust or Antisemitism.
And that's Staatsräson. -
@meowki @vollaficationist @GrapheneOS Most banking apps work well on GrapheneOS; check out this list : https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/
The attestation compatibility guide is a good, neutral approach that is not controlled by a centralized authority : https://grapheneos.org/articles/attestation-compatibility-guide
Unified Attestation threatens the compatibility of apps for developers who refuse to participate in their illegal cartels. This seriously undermines the efforts of a project like GrapheneOS, which strives to make as many Android apps as possible compatible with a truly secure and privacy-respecting operating system, one without user accounts, AI, age verification, client-side analysis, or any default Google services nor any other tech companies, etc
We need to support it because there’s no one else doing what GrapheneOS does.
@Xtreix I still think it’s an issue that google play services is required for this to work. We need an alternative to this.
-
@Xtreix I still think it’s an issue that google play services is required for this to work. We need an alternative to this.
@meowki It would be great if banking apps could work without Google Play Services; that said, keep in mind that on GrapheneOS, you install Play Services and Google Play as standard, non-privileged apps that run in the hardened sandbox.
This is a significant difference compared to stock Android, where Google Play Services runs as a system app with elevated privileges that you cannot control. MicroG works in the same way and is often mistakenly presented as a more private alternative to Google Play Services.
What cross-app sandboxing doesn't protect is communication between apps based on mutual consent. If you install Instagram and Facebook on the same profile, the apps still only have access to what you authorize them to access, but since they belong to Meta, they could exchange telemetry data with each other.
To stop this, the solution is to use a system-wide secondary profile, which offers excellent isolation but is somewhat cumbersome to use, or the private space, which provides less robust isolation but is easier to use. This decision really depends on your threat model and whether or not you consider plausible communication between these applications to be acceptable.
GrapheneOS usage guide
Usage instructions for GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.
GrapheneOS (grapheneos.org)
-
R relay@relay.infosec.exchange shared this topic
