GrapheneOSWe strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.
Google's Play Integrity API is a horrible system enforcing using devices officially licensing Google Mobile Services. It permits those regardless of how many years behind they are on security patches. The solution to this isn't another anti-competitive system based in Europe.
Play Integrity API should be regulated out of existence rather than making another system where companies permit their own products while disallowing others. It shouldn't be legal when Google does it and it shouldn't be legal when Volla and Murena do it either. This is wrong.
Hardware-based attestation has valid use cases including the Auditor app on GrapheneOS for protecting users. The way these companies are using it serves no truly useful purpose beyond giving themselves as unfair advantage while pretending it has something to do with security.
If banks and governments insist on checking devices for security they should define actual standards. It should be possible for any tiny project to be certified at no cost and the standards should be fairly enforced so a mainstream device without current patches is disallowed.
Volla, Murena and iodé sell products with atrocious security. They fail to provide important patches and protections while misleading users with inaccurate claims about privacy and security. That includes setting an inaccurate Android security patch level despite missing patches.
Luis Falcon@GrapheneOS @volla These type of divisive debates weaken the community and are the biggest gift to Google & Big Tech. We don't need fighting among the community. On the contrary, let's put the effort in building a large and diverse free/libre ecosystem in mobile computing.🤗
HybridStaticAnimate@meanmicio @GrapheneOS @volla GrapheneOS has taken steps to create a more private and secure ecosystem. These other organizations have not. They are welcome to begin pushing towards that at any time, but until then, they are actively working against it. You phrase your message as positive, but you are telling victims of harassment and other various crimes to forgive their attackers, and work together with scammers and liars. These scammers do not work towards the same goal and they are making it worse, not better.
What you ask is incredibly disrespectful, and neglects the reality of the situation in favor of empty platitudes and the illusion of making progress.