@pallenberg moin, ich werde reinhören:-)

@lars klasse und danke dir

@pallenberg @lars Blöd ist, dass die #Mistral App neuerdings zwingend via #Google App Store installiert worden sein will. #ChatGPT und Konsorten aktuell nicht.

@liamthexpl0rer @pallenberg @lars @bruhein App developers can explicitly enable a Play Store feature for adding checks to their app to enforce installing it from the Play Store. It's not opt-out but rather opt-in. GrapheneOS removes these checks for apps with a valid Play Store source stamp so it's not an issue on GrapheneOS. We also plan to add a similar feature to work around apps checking if they're installed from the Play Store themselves with a Play Store source stamp check for security.

@liamthexpl0rer @pallenberg @lars @bruhein Similarly, app developers can explicitly choose to set their Play Store apps as requiring the Play Integrity API basic, device or strong integrity level for installation. GrapheneOS passes basic integrity and the rest can be worked around by using another Play Store frontend. It's quite pointless for apps to do this unless they actually enforce the Play Integrity API for their services which most using it don't do. Neither of these things is a big deal.

@liamthexpl0rer @pallenberg @lars @bruhein Apps enforcing the Play Integrity API device or strong integrity levels for their services is what actually matters. That prevents using anything other than the stock OS on a device licensing Google Mobile Services unless sketchy approaches are used to trick the checks with spoofing. Strong integrity level can only be tricked with leaked keys. Both those tiers of checks are improving and they detect / block spoofing happening at scale in multiple ways.