An open call to #Android #developers! The #EuropeanCommission needs help evaluating #GooglePlay's #security claims. I'm going to do what I can. Anyone with knowledge of how app installation, uninstallation, sandboxing, signing, etc. could really help here. If you want to contribute, please reach out!
@RandamuMaki We will, on our own.
@GrapheneOS Good to hear.
@RandamuMaki We raised the issue of the Play Integrity API at the recent meeting and plan to heavily push on that. We can debunk all of the attempts of misrepresenting checking for a Google certified OS as being a security check when it clearly isn't.
Android hardware attestation API works for alternate roots of trust and alternate operating systems. It's entirely possible for the EU to make a standard for security and require banking apps, etc. to stop forbidding devices passing that standard.
@RandamuMaki Google's standard for the 'security' check of the Play Integrity API is a device licensing Google Mobile Services, installing the app from the Play Store and the user being signed into a Google account. It's clearly primarily based around Google's business interests, not security. The hardware attestation API supports verifying the device, OS and app with higher security without any of these requirements. Play Integrity API is anti-competitive for the sake of being anti-competitive.
@RandamuMaki @GrapheneOS Someone who said they were from GrapheneOS posted an question in the online forum of the #DMAWorkshop. When the #Alphabet people dodged, I reformulated the question and asked in there in person. They dodged again, claiming they didn't know what #Google #PlayIntegrity and #GMS meant. Looks like calculated ignorance since those are key to their abusive, trust-building behaviors. #gatekeepers only send competition lawyers to #DMA events so they can dodge technical details.
@eighthave @GrapheneOS And they honestly believe we're the ignorant ones... Jeez. How more obvious can they get?
@eighthave two key projects where you might find experts on the subject https://opengapps.org/#aboutsection and https://microg.org/download.html
@copysent
cc @microg
and @larma @eighthave
@eighthave @kuketzblog interested?
@eighthave @GrapheneOS want to weigh in?