#playintegrity — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #playintegrity, aggregated by home.social.
-
CW: Google's New Monopoly Over the Web (re: reCaptcha & Play Integrity)
Wait, so reCaptcha can now require that you have an iPhone or an Android phone with Google Play Services?
This is really really bad. :neocat_sad: And, what's worse, is it seems nobody is talking about it.
For anyone unfamiliar, Apple's App Attest and Google Play Integrity are "hardware attestation" which uses a hardware lockout to verify that you device is 'valid' and not tampered with. It sounds like good security in theory, until you think about it for more than two seconds. It effectively means that, in order to have a 'valid' device, you need to be approved by either Apple or Google. As such, it doesn't work with non-Google Android ROMs like GrapheneOS, /e/, LineageOS, etc. Once your device isn't considered valid by Play Integrity it locks you out of hundreds of apps, effectively giving Google complete monopolistic control over Android.
This change to reCaptcha brings that same monopolistic control to the web. If you thought you could be above the Apple/Google duopoly in some way, congratulations, it's officially impossible. You have to own a Google Play-certified phone or iPhone in order to use the internet in 2026.
For anyone hoping the European Union will step in, I wouldn't hold your breath.
-
Google’s new QR-based reCAPTCHA ties web verification to Play Integrity and Apple attestation systems instead of traditional CAPTCHA check 🌐
Privacy-focused Android variants like GrapheneOS and LineageOS risk losing access as device approval becomes part of web authentication 🔐#TechNews #Google #reCAPTCHA #Captcha #GooglePlay #PlayIntegrity #GrapheneOS #LineageOS #Privacy #OpenWeb #Android #Security #FOSS #Telemetry #Web #Freedom #OpenSource
-
Google’s new QR-based reCAPTCHA ties web verification to Play Integrity and Apple attestation systems instead of traditional CAPTCHA check 🌐
Privacy-focused Android variants like GrapheneOS and LineageOS risk losing access as device approval becomes part of web authentication 🔐#TechNews #Google #reCAPTCHA #Captcha #GooglePlay #PlayIntegrity #GrapheneOS #LineageOS #Privacy #OpenWeb #Android #Security #FOSS #Telemetry #Web #Freedom #OpenSource
-
Google’s new QR-based reCAPTCHA ties web verification to Play Integrity and Apple attestation systems instead of traditional CAPTCHA check 🌐
Privacy-focused Android variants like GrapheneOS and LineageOS risk losing access as device approval becomes part of web authentication 🔐#TechNews #Google #reCAPTCHA #Captcha #GooglePlay #PlayIntegrity #GrapheneOS #LineageOS #Privacy #OpenWeb #Android #Security #FOSS #Telemetry #Web #Freedom #OpenSource
-
Google’s new QR-based reCAPTCHA ties web verification to Play Integrity and Apple attestation systems instead of traditional CAPTCHA check 🌐
Privacy-focused Android variants like GrapheneOS and LineageOS risk losing access as device approval becomes part of web authentication 🔐#TechNews #Google #reCAPTCHA #Captcha #GooglePlay #PlayIntegrity #GrapheneOS #LineageOS #Privacy #OpenWeb #Android #Security #FOSS #Telemetry #Web #Freedom #OpenSource
-
Google’s new QR-based reCAPTCHA ties web verification to Play Integrity and Apple attestation systems instead of traditional CAPTCHA check 🌐
Privacy-focused Android variants like GrapheneOS and LineageOS risk losing access as device approval becomes part of web authentication 🔐#TechNews #Google #reCAPTCHA #Captcha #GooglePlay #PlayIntegrity #GrapheneOS #LineageOS #Privacy #OpenWeb #Android #Security #FOSS #Telemetry #Web #Freedom #OpenSource
-
Good to see a POC that shows how useless security-wise is the Play Integrity:
Android LPE using DRAM bitflip => https://bsky.app/profile/retr0.id/post/3mljtyauw322d
A requirement to get any security protection with the Play Integrity is that attackers can't bypass it on any device.
As soon as an attacker can bypass it, it is possible to distribute app clones (fake banking app) that proxy-pass the Integrity requests to a controlled device, defeating the Play Integrity.
On the other side, how many users are locked-out of critical services because of the Play Integrity? For legit users, any non-trivial workaround is a blocker.
Play Integrity is not about security, but about coercition, Google's tool to impose their conditions: eg. forcing OEM to preinstall their apps, some with privileges (Chrome, Youtube, Play Services, etc)
-
CW: Rant / Banking+Root / App-Zwang
Hatte das Thema die Tage schon. Hat mich halt Zeit gekostet für vglw. ernüchterndes Ergebnis 😶
Banken mit TAN/ #OnlineBanking ohne #AppZwang muss man suchen.
Würde gerne solche Annehmlichkeiten wie Bezahlen mit dem Handy nutzen, oder #AndroidAuto. 👀 Aber halt datensparsam. 💁Hab intensiv versucht die #PlayIntegrity auszutricksen. Zwecklos 🥲
Install mehrerer #Magisk Module. Dann sowas: Öffnet Link zu #Telegram Channel, gehst zurück und siehst das am Log-Ende 😵 -
RE: https://wolnoscwkieszeni.pl/unified-attestation-europejski-odpowiednik-play-integrity/
Po dłuższej przerwie na blogu wylądował nowy wpis o Unified Attestation.
Jest to europejski odpowiednik Play Integrity, czyli centralny system atestacji urządzeń. Ta inicjatywa producenta smartfonów Volla jest promowana jako uniezależnienie się od Google. Jednak czy uniezależnienie się od jednej korporacji ma polegać na uzależnieniu się od innej?
Temat dość istotny z punktu widzenia niezależności i konkurencyjności mobilnych systemów operacyjnych, a nie zauważyłem żeby przebił się do polskich internetów.
Ps. Kto znajdzie w tekście easter egga? 😉
#unifiedattestation #playintegrity #volla #murena #eos #iodeos #grapheneos #android
-
Unified Attestation – Europejski odpowiednik Play Integrity.
Ostatnimi czasy w wolnym (as speech, not as turtle ;) ) internecie dość mocno wrze, głównie za sprawą działań, które śmiało możemy nazwać zamachami na naszą prywatność. Najgłośniejszym echem odbijają się tematy domykania Androida przez Google, czy powracający jak bumerang Chat Control. W całym tym zgiełku mógł nam umknąć pomysł stworzenia europejskiego odpowiednika Play Integrity. Unified Attestation, bo o nim będzie mowa, to inicjatywa europejskiej firmy Volla przy współpracy Murena (/e/os) oraz iodé.https://wolnoscwkieszeni.pl/unified-attestation-europejski-odpowiednik-play-integrity/
-
Ohne #Google #PlayIntegrity auf #Android oder ohne #Apple #iOS #appattest funktioniert das #EUDI-Wallet nicht.
Das heißt doch, versierte Entwickler*innen, denen #Security wirklich wichtig ist, werden kaum Anwendungen bauen, die mit dem #Wallet des @bmi arbeiten, oder?
Also: insgesamt werden die Bürger*innen künftig eher weniger starke IT-Sicherheit auf dem #App Markt finden, oder?
Ist das denn das Ziel der @Bundesregierung, hat sie irgendwie Angst vor Bürger*innen, die ihre Daten gut schützen können? 🤔
#Digitalisierung #wallet #id #authentication #bmi #eu #datenschutz
-
@manuel il problema non è #Jolla. Il problema è proprio #AppIO che non dovrebbe esistere in questa forma:
1) non dovrebbe richiedere #PlayIntegrity
2) non è riproducibile/ricompilabile quindi è di fatto #SoftwareProprietario e #softwareprivativo
3) dovrebbe poter girare "ovunque": #Linux #BSD, #haiku eccetera
Per come è implementato #noAppIO
Lo stesso vale per app di banche e CieID -
Na stronie GrapheneOS pojawiła się nowa sekcja z listą aplikacji, które celowo odmawiają działania pod tymże systemem. Są to aplikacje, które sprawdzają kompatybilność z zależnym od Google 'Play Integrity API' (zamiast bezpieczniejszej sprzetowej atestacji androida) i w przypadku jego braku odmawiają uruchomienia. Twórcy GOS zachęcają do pozostawienia w sklepie Play adekwatnych opinii.
https://grapheneos.org/articles/attestation-compatibility-guide#apps-banning-grapheneos
#playintegrity #playintegrityapi -
#mastoiuto che moduli usate per fixare #playintegrityapi io uso il modulo di chiteroma ma sembra abbia bisogno anche di questo https://github.com/5ec1cff/TrickyStore #android #playintegrity
-
@lorenzodisasterpiece
Idem per #revolut , #AppIO , le app delle banche eccetera. È ora di rifiutare le app che pretendono la #PlayIntegrity Api "forte".
Personalmente se un servizio non è accessibile attraverso il "web standard", sono **molto** restio ad usarlo
@mac89 @skar3