this post was submitted on 07 Jun 2025
100 points (100.0% liked)

Privacy

38762 readers
786 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
k_o_t@lemmy.ml
tmpod@lemmy.pt
Yayannick@lemmy.ml
ranok@sopuli.xyz
100
What is the future of Google Play Intergrity APIs (and similar concepts)? Do you think we can find a way to bypass these, or is the future of the digital world just authoritarian and dystopian? (sh.itjust.works)
submitted 5 days ago by throwawayacc0430@sh.itjust.works to c/privacy@lemmy.ml
66 comments fedilink hide all child comments
top 50 comments
sorted by: hot top controversial new old
[–] haagch@lemmy.world 1 points 1 day ago

I recently bought a phone from Volla that ships with ubuntu touch. Somewhat painful, but entirely possible to use. I also backed the liberux indiegogo for a more modern proper mainline linux phone again.

I'm just not using any google play and ios exclusive apps and services anymore. Yea it's painful but if you want to see an ecosystem outside of google play and ios, you have to buy and use it. Just be prepared to be the 0.1% that literally nobody cares about. Like when traveling I can follow my ICE train schedule on the Deutsche Bahn website, but it will log me out and delete my entire state after 15 minutes or so of inactivity. Or a couple of years ago I saw that uber had a web app and at some point wanted to order one for a group. turns out when trying to finish the order (which you can't dry run), I got a generic error and someone with the app had to order. After uber sent me 125 marketing mails after that, telling me to order discounted food with uber eats, I think I finally unsubscribed (I only didn't earlier out of morbid curiosity).

Personally I live by just not using this stuff is better than being like "oh I need waydroid to run android in a container and use the reverse engineered reimplementation of google play, and also need to fake some stuff to pass integrity checks etc. to use an E-Scooter".

[–] beyond@linkage.ds8.zone 11 points 3 days ago

This might be a hot take but the best way to avoid or "bypass" onerous things like the "integrity API" is to opt out of the proprietary world as much as possible. Use exclusively free (Libre) software and technology where you can.

We should not be thinking in terms of how do we get proprietary crapware onto our free systems, because that defeats the purpose of a free system. The idea is to build an alternative to the proprietary world.

[–] Ulrich@feddit.org 12 points 4 days ago (1 children)

GrapheneOS is already working on it:

We're going to add a secure way of working around this without breaking the app source security model. We'll be adding support for having the OS automatically verify the Play Store signing metadata and then inform Play services those apps were installed from the Play Store.

https://grapheneos.social/@GrapheneOS/114554622772349562

[–] zelnix@lemmy.ml 4 points 3 days ago

That's already released and only deals with recent changes. It doesn't fix apps using strong integrity challenges

[–] serenissi@lemmy.world 38 points 5 days ago (2 children)

IMO the only reason tech world can be authoritarian is people's negligence. Otherwise even if all major brands produce unhackable locked down hardware, people could boycott those and buy the one obscure open device (like pine64) and market force will force big names to revert.

Corporations do not have power by themselves. People refusing to think and understand gives them power. Same applies to mainstream politics.

[–] drspawndisaster@sh.itjust.works 29 points 5 days ago (2 children)

So unless I can convince my mom to install Firefox we're fucked.

...we're fucked.

[–] serenissi@lemmy.world 11 points 4 days ago* (last edited 4 days ago) (1 children)

yes. also your friends, not only mom.

(/s aside, most people of younger generations don't care as well, not only elderly less tech literate folks)

[–] drspawndisaster@sh.itjust.works 4 points 4 days ago

We are soooo fucked.

[–] FauxLiving@lemmy.world 4 points 4 days ago (2 children)

Unless you can convince them to get out of the 'surveillance for free stuff' market then they're fucked, not everyone.

You can choose to use free and open source software and sped time learning and putting together a system that benefits you. Or you can just sign up for Google, let them do all of the work in exchange for spying on you with every device that you buy and put in your house.

[–] drspawndisaster@sh.itjust.works 2 points 3 days ago

Oh I'm gonna dodge corporate bullshit at every opportunity, but they're also allowed to gather data on me simply tracking my friends and family

[–] Auli@lemmy.ca 1 points 3 days ago

I'm fucked either way. Big corporations control so much of the internet devices the chances are my stuff is going to them anyway.

[–] Auli@lemmy.ca 2 points 3 days ago

They have money which means they advertise which influences peoples decisions. As much as some people might deny it ads work.

[–] pinball_wizard@lemmy.zip 10 points 4 days ago (1 children)

Do you think we can find a way to bypass these,

Yes. Direct physical access always wins. A device in my hands is my device.

or is the future of the digital world just authoritarian and dystopian?

Yes. Many people aren't going to explore the solutions, or be willing to give up the convenience that comes with not changing what they're doing.

[–] utopiah@lemmy.ml 3 points 4 days ago (1 children)

A device in my hands is my device.

Could you then please help root the Meta Quest 3? So far I believe nobody managed.

[–] rumba@lemmy.zip 6 points 3 days ago (3 children)

We're a decade too early for open source vr.

That's not a VR headset, You bought an expensive Facebook paperweight.

load more comments (3 replies)
[–] FireIced@lemmy.super.ynh.fr 17 points 4 days ago (2 children)

I sadly believe we’re fucked

[–] AnnaFrankfurter@lemmy.ml 15 points 4 days ago (5 children)

We were fucked a long time ago it's just the effects showing now. But I hope the rebels at Graphene OS and other custom ROMs will find a way.

load more comments (5 replies)
[–] Auli@lemmy.ca 3 points 3 days ago (1 children)

We where fucked when the internet got consolidated into what five companies.

[–] FireIced@lemmy.super.ynh.fr 4 points 3 days ago

And them being in the USA as well

[–] catloaf@lemm.ee 29 points 5 days ago

If you can root your phone and use an xposed module, maybe. Or the EU forces them. Otherwise, there's not much option.

[–] Nicro@discuss.tchncs.de 19 points 5 days ago (2 children)

Well the idea of having attestation isn't the problem. The problem is that apps requiring attestation (banks, insurance providers, ID-systems) use the most convenient solution. Slapping on Googles prebuild attestation. Graphene for example, provides alternative attestation for their OS and offers docs for anyone to implement a more fitting set of checks.

There are two approaches here: If you're upset that your hacked-to-bits, rooted, unlocked and/or unencrypted device is failing checks: I'd say, tough luck. Until we can create provably untampered app-containers, that level of access genuinely breaks TOS on apps and regulations on handling personal data. Breaking those checks is then breaking those compliances in an unsafe way.

If you believe your setup is actually secure and compliant, just not in a way the allmighty Google intended: Try and get an attestation module for your setup. Fight for these apps to accept non-Google attestation and fight for devices that don't artificially limit what can pass as secure.

[–] koper@feddit.nl 26 points 5 days ago (3 children)

If you're upset that your hacked-to-bits, rooted, unlocked and/or unencrypted device is failing checks: I'd say, tough luck. Until we can create provably untampered app-containers, that level of access genuinely breaks TOS on apps and regulations on handling personal data.

Hard disagree. If you own the device, you should be in full control of what's going on. Sure, attestation can give some extra security, but that decision should be up to the user. Everything else is just excuses for user hostile DRM: platforms levaraging technology to secure their own profit margin against the interests of user.

[–] smiletolerantly@awful.systems 14 points 4 days ago* (last edited 4 days ago) (1 children)

Yyyyyyupp

"Oh no, this device is rooted! :(" Yes because I know what I am doing, now show me my account balance you stupid piece of ahit banking app.

[–] skarn@discuss.tchncs.de 7 points 4 days ago

Banking app: "Oh no, your device does not conform to Google's latest whim, terribly insecure, can't let you make a SEPA."

Baking website: "Opera on an outdated, pirated copy of Windows? Looks a-ok to me!"

load more comments (2 replies)
[–] Auli@lemmy.ca 2 points 3 days ago

What kind of bullshit is this. Breaks what regulations? You know everyone allows things to happen on a computer which guess what you have root access to and is "unsecure" This bullshit gets said so many times but it is not true.

[–] BenchpressMuyDebil@szmer.info 10 points 5 days ago* (last edited 1 day ago) (5 children)

I switched to a feature phone that has nothing to do with Android for calling (Mocor RTOS/S30+) because I'm tired of fighting Android for the moment. I keep an unrooted smartphone at home for online banking. Kinda extreme but that's one way.

load more comments (5 replies)
load more comments
view more: next ›