Mastodawn

En god nyhed: Unified Attestation - et Google Play Integrity API alternativ er under udvikling, iniativ fra @volla og med deltagelse af blandt andet @murena!

https://uattest.net/

Brug det i din app, og fortæl din bank, mobliepay, digitaliseringsstyrelsen og alle mulige andre om det :-)

#engodting #opensource #alternative

Unified Attestation

Unified Attestation is a free, open-source alternative to Google Play Integrity with offline verification and simple app + server integration.

Show thread

Benjamin Lyng Jørgensen Mar 14

@anderslund @volla @murena fantastiske nyheder!

Show thread

GrapheneOS

@benjaminlj @anderslund Android already has a hardware attestation system open to everyone unlike this centralized system. Volla, Murena and iodé made a centralized system on top of the Android hardware attestation API to permit their own products while forbidding others. They're not enabling anything which wasn't already possible and are fully dependent on standard Android hardware attestation. Unified Attestation is anti-competitive and it clearly isn't legal.

https://grapheneos.social/@GrapheneOS/116239523775374959

GrapheneOS (@[email protected])

Android provides a standard hardware attestation system with support for alternate operating systems via allowing their verified boot key fingerprints. It's mainly used with Google's root of trust and remote key provisioning service but the API supports alternative roots of trust. Volla's Unified Attestation is fully built on Android's hardware attestation API. It solely exists to create a centralized authority and service determining what's allowed under their control. https://mastodon.social/@volla/116238706890314617

GrapheneOS Mastodon