aaronmdjones 13 hours ago

> Am I understanding correctly that [...]

What I took away from the thread is that they're against services forcing attestation in general, and also pointing out that Play Integrity isn't about security, but rather about control, because Google could trivially make it work with GrapheneOS (which is more secure than any other Android OS on the market) but they won't.

CharlesW 13 hours ago | parent | next [-]

> …Google could trivially make it work with GrapheneOS (which is more secure than any other Android OS on the market) but they won't.

But if Google did support third-party attestation, would the GrapheneOS Foundation be happy? Most of the thread seems to be a call for attestation to die, which feels impractical and unachievable. But "Google could use it to permit GrapheneOS for Play Integrity if that was actually about security" seems to be the real ask, and that seems reasonable and achievable. If that's true, I think it would’ve been more effective to lead with that and focus on it.

microtonal 13 hours ago | parent | next [-]

Why should Google decide which devices are safe enough to pass remote attestation? Seems to me that if we want this at all, it should be an independent body that approves signing keys of vetted vendors (e.g. vendors roll out security updates timely, etc.).

As long as this is in Google's hands, they can abuse it to control the market.

That said, Play Integrity accepting GrapheneOS would be a step forward, but they will never do it, because then other vendors might also want to pass attestation without preloading Google apps.

Hoodedcrow 12 hours ago | parent | next [-]

> Seems to me that if we want this at all, it should be an independent body that approves signing keys of vetted vendors (e.g. vendors roll out security updates timely, etc.).

This is also a horrible idea. If an OS can be vetoed for untimely security updates, it can also be vetoed for not having something like clientside scanning.

foltik 11 hours ago | parent | prev [-]

Then you’re just replacing one DRM cartel with another.

What would even be the criteria for approval? Pinky promise to not let the end user have full control of their own device? That’s all “integrity” really means in practice. Don’t be fooled by appeals to security.

thomastjeffery 12 hours ago | parent | prev [-]

No. That would be a relatively better circumstance, but we would still have the root problem.

> Most of the thread seems to be a call for attestation to die, which feels impractical and unachievable.

I disagree, and I expect GrapheneOS devs do, too. Hardware attestation is a new thing that isn't even really here yet. It absolutely can and should meet its demise.

Haemm0r 12 hours ago | parent | prev [-]

It is not only about Google. It's also about the app developers. Nothing prevents them from using the non-Google attestation; however, they decide not to use it (for many reasons). The first time you actually notice this is when you have installed GrapheneOS (attestation OK and bootloader locked) and some apps complain about a modified/rooted/... device. Another thing is that you are warned by your Google device while booting that something is "not OK".