Edgar Cervantes / Android Authority
TL;DR
- Efforts like Graphene OS face increasing pressure from apps that refuse to run on non-standard Android.
- The custom ROM project characterizes Google’s approach to device attestation as incomplete and flawed.
- Graphene OS is prepared to take legal action if Google won’t let it pass Play Integrity checks.
Android users have plenty of good reasons for why they might want to replace their phone’s official software with a custom ROM. Perhaps they’re looking for some specific feature, or they have privacy or security concerns they fear aren’t being addressed by mainstream releases. Maybe they’re just looking for up-to-date patches after their phone’s own manufacturer stopped supporting the hardware.
But going this route also has its drawbacks, and software compatibility can sometimes fall by the wayside — a situation we looked at just last month, as Graphene OS hit a roadblock when users noticed that the multi-factor authentication app Authy was refusing to operate due to its reliance on the Play Integrity API. Back then, we looked at why it made practical sense for Google to be OK with this arrangement and not extend Play Integrity validation to custom ROMs like Graphene OS. But there’s another side to this story, and it sounds like frustrations in the community are starting to reach a breaking point.
Basically, Play Integrity is supposed to be a way for apps to verify they haven’t been tampered with, and that they’re running on a legitimate, trusted platform. After all, malware built into an OS (as could be possible from some sketchy custom ROM) could prove devastating with software like banking apps, leaving you unable to even trust what you’re seeing on your screen. But even when custom ROM projects are well-respected and take security seriously, as is the case with Graphene OS, Google has been clear that it’s just not interested in finding a way to make Play Integrity work with them.
Over on Mastodon, the Graphene OS team has been pointing out all the problems with Google’s approach and is not mincing words about it: “Play Integrity API is based on lies.” According to Graphene OS, the Compatibility Test Suite and Compatibility Definition Document requirements Google says are key to Play Integrity compliance are in practice routinely ignored, and the system easily bypassed.
For a group that’s trying to do things the “right” way, seeing that has got to be frustrating. And as the Graphene OS team points out, it’s not like apps don’t have other (arguably better) ways to prove what they’re running on. The project provides fingerprints for all the signing keys apps would need to verify Graphene OS devices through the standard Android hardware attestation API. The problem is, there’s no way to force an independent dev to go this route, and they may choose to stick with Play Integrity, as has been the case with Authy.
Where do custom ROMs go from here? To hear the Graphene OS team talk about it, that answer might be “the courtroom”:
Google can either permit GrapheneOS in the Play Integrity API in the near future via the approach documented at https://grapheneos.org/articles/attestation-compatibility-guide or we’ll be taking legal action against them and their partners. We’ve started the process of talking to regulators and they’re interested.
Considering all the interest we’ve seen from regulators in the EU to hold companies like Google responsible for the openness of the platforms they control, that could prove to be a very interesting process. Right now, these compatibility issues with custom ROMs don’t really have the same kind of outrage behind them as things like app store billing practices do, but that doesn’t mean that change can’t happen. And for the sake of everyone who likes running their phone their own way, hopefully, someone finds a path forward soon.
