Google's Play Integrity API is a horrible system enforcing using devices officially licensing Google Mobile Services. It permits those regardless of how many years behind they are on security patches. The solution to this isn't another anti-competitive system based in Europe.

Play Integrity API should be regulated out of existence rather than making another system where companies permit their own products while disallowing others. It shouldn't be legal when Google does it and it shouldn't be legal when Volla and Murena do it either. This is wrong.

Hardware-based attestation has valid use cases including the Auditor app on GrapheneOS for protecting users. The way these companies are using it serves no truly useful purpose beyond giving themselves as unfair advantage while pretending it has something to do with security.

If banks and governments insist on checking devices for security they should define actual standards. It should be possible for any tiny project to be certified at no cost and the standards should be fairly enforced so a mainstream device without current patches is disallowed.

Volla, Murena and iodé sell products with atrocious security. They fail to provide important patches and protections while misleading users with inaccurate claims about privacy and security. That includes setting an inaccurate Android security patch level despite missing patches.

These companies should not have any say over which devices can be used for European banking and government apps. It will reduce competition and reduce security exactly as the Play Integrity API is already doing. The EU should ban using attestation to determine OS compatibility.

Murena and iodé are extremely hostile towards GrapheneOS. They've spent years misleading people about it with inaccurate claims to promote their insecure products. We'll never work with them. Volla, Murena and iodé should have no say in which OS people can use on their devices.

@GrapheneOS Also ich weiß ja nicht, was in euren Köpfen vorgeht aber: Ob die Menschen Murena, Volla und Co nutzen wollen oder GrapheneOS nutzen, dass sollen die user selbst entscheiden ..... Das ihr euch untereinander nicht leiden könnt okay, sei es drum, aber so ne Aussage abzuliefern ist unterhalb der Gürtellinie..... Da muss man sich als GrapheneOS User ja für eure Aussage regelrecht fremd schämen .... Nur weil ihr nun mit Motorola euch zusammengetan habt, heißt es noch lange nicht das ihr euch so überheblich ablästern müsst ..... Meine Meinung

@Pingitux Their products aren't at all what they claim but rather have poor privacy and atrocious security. They feel very threatened by GrapheneOS. Murena and iodé have engaged in many years of attacks on GrapheneOS including personal attacks on our team. They've engaged in absolutely vile fabrications and bullying aimed at directing harassment towards our team. Their communities have relentlessly targeted our team with harassment. You're pushing a false narrative about what's happening.