GrapheneOSWe strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.
🌸 Ⓐnarkitty lumi-nhac 
@GrapheneOS what the fuck. that is absolutely horrifying
remote attestation is a technology that has no good uses. it's just drm
everyone should have the freedom to run whatever they want on their own devices. this freedom should never be taken away and it should be enshrined in law that it can never be taken away
someone else should not be able to decide whether my device is "secure" enough for their purposes. this is reverse security. the os needs to boot securely and the attestation chain should go upwards, with each stage verifying the ones on top of it. not this opposite world bullshit
remote attestation is a technology that has no good uses. it's just drm
everyone should have the freedom to run whatever they want on their own devices. this freedom should never be taken away and it should be enshrined in law that it can never be taken away
someone else should not be able to decide whether my device is "secure" enough for their purposes. this is reverse security. the os needs to boot securely and the attestation chain should go upwards, with each stage verifying the ones on top of it. not this opposite world bullshit
@lumi Android's hardware-based attestation API would not cause these issues if it only had the pinning-based attestation we use as the basis for Auditor and omitted root-based attestation. The issue is having attestation roots which determine which hardware and operating systems are valid. Hardware-based attestation can be provided without any centralized authority determining which hardware and software is valid. It would still provide nearly all of what our Auditor app uses without roots.
@lumi We support hardware-based attestation based on pinning for protecting users against attacks. Root-based attestation has extremely weak security due to depending on the entire ecosystem of devices not having vulnerabilities enabling leaking keys chaining up to the root. Pinning-based attestation can be used as a very strong security feature. Check out our Auditor app. It does use the root-based attestation for first verification but it would provide most of what it does without it.
@GrapheneOS does this mean, if i build grapheneos myself and flash it on my device, i could still run all these applications?
and i mean without contacting any third party or anything like that
edit: woops. replied to the wrong post. was meaning to reply to the latest one. sorry
and i mean without contacting any third party or anything like that
edit: woops. replied to the wrong post. was meaning to reply to the latest one. sorry
@lumi GrapheneOS supports the Android hardware-based attestation API. The API itself is a neutral approach which can support arbitrary roots of trust, non-stock operating systems verified based on verified boot key fingerprint and also has pinning-based attestation based on a proposal we made to Google before they stopped collaborating with us. Pinning-based attestation can be used with or without chaining up to a root for bootstrapping trust. It could exist without root-based attestation.
@GrapheneOS so, if i built my own aosp rom, or decide to use an emulator run an aosp rom (for compat reasons, not security), could i pin my own certificates, to make (unmodified) apps work on my device without complaining?
@lumi Apps don't use the hardware-based attestation API directly in practice by rather using a service like the Play Integrity API choosing what's allowed. Unified Attestation is a group which wants to use hardware-based attestation to choose what's allowed themselves. We don't think hardware-based attestation should be used to choose which operating systems are allowed and also don't agree with this specific group of companies selling insecure products adding vendor lock-in for themselves.
@GrapheneOS yeah, i agree. if it's my device, i should be able to do whatever the heck i please