GrapheneOSWe strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.
Google's Play Integrity API is a horrible system enforcing using devices officially licensing Google Mobile Services. It permits those regardless of how many years behind they are on security patches. The solution to this isn't another anti-competitive system based in Europe.
Play Integrity API should be regulated out of existence rather than making another system where companies permit their own products while disallowing others. It shouldn't be legal when Google does it and it shouldn't be legal when Volla and Murena do it either. This is wrong.
Hardware-based attestation has valid use cases including the Auditor app on GrapheneOS for protecting users. The way these companies are using it serves no truly useful purpose beyond giving themselves as unfair advantage while pretending it has something to do with security.
If banks and governments insist on checking devices for security they should define actual standards. It should be possible for any tiny project to be certified at no cost and the standards should be fairly enforced so a mainstream device without current patches is disallowed.
Volla, Murena and iodé sell products with atrocious security. They fail to provide important patches and protections while misleading users with inaccurate claims about privacy and security. That includes setting an inaccurate Android security patch level despite missing patches.
These companies should not have any say over which devices can be used for European banking and government apps. It will reduce competition and reduce security exactly as the Play Integrity API is already doing. The EU should ban using attestation to determine OS compatibility.
Murena and iodé are extremely hostile towards GrapheneOS. They've spent years misleading people about it with inaccurate claims to promote their insecure products. We'll never work with them. Volla, Murena and iodé should have no say in which OS people can use on their devices.
Cosmic Excursionist@GrapheneOS seeing frequent hostility and drama come out of this account makes me want to switch off of GOS, despite really liking it. It makes me feel uncertain about the sustainability of the project and the character of people behind it. Hopefully the constant drama I am seeing doesn't represent the overall culture of the project. If not, please get someone else to manage the socials!
Bonsai861@cosmicexcursionist @GrapheneOS This is one of the reasons I'll be moving away from GOS with my next phone.
frutiger@bonsai861 @cosmicexcursionist @GrapheneOS You're going to abandon the most secure and private ROM because you saw internet drama you didn't like instead of just muting it...?
@frutiger @cosmicexcursionist @GrapheneOS I have muted them (they then blocked me anyway). It is only one of the reasons.
They might have the most secure AOSP ROM but they are also very insular and are actively discouraging collaboration that would remove dependencies on US-based big tech. I get the feeling they promote security at the expense of anything else.
My main reason to get GOS in the first place was to begin the process of removing my dependency on Google. That isn't the aim of GOS.
@frutiger @bonsai861 @GrapheneOS I don't have the time to personally vet every line of code I run. To an extent, my security depends on being able to trust the people and organizations building my systems. Security also isn't the only thing I value, I also value sustainability. I am also saying something because what I'm observing in my feed is a pattern rather than an isolated incident.