Android provides a standard hardware attestation system with support for alternate operating systems via allowing their verified boot key fingerprints. It's mainly used with Google's root of trust and remote key provisioning service but the API supports alternative roots of trust.

Volla's Unified Attestation is fully built on Android's hardware attestation API. It solely exists to create a centralized authority and service determining what's allowed under their control.

https://mastodon.social/@volla/116238706890314617

Unified Attestation will permit using products from the companies involved in it while forbidding using arbitrary alternatives. They clearly aren't going to enforce reasonable security standards since their products wouldn't meet those. The whole purpose of the system is to permit their products regardless of merit and convince banking/government apps to adopt it.

There's nothing neutral or fair about a system controlled by companies approving their own products while disallowing other options.

Companies forming an anti-competitive cartel providing a service which permits their products while disallowing others isn't legal regardless of how they market it. It's not legal when Google does it with the Play Integrity API and it's not legal when it's Volla, Murena and iodé doing it.

We won't be participating in a system which gives these companies veto power over app compatibility on GrapheneOS. These companies will not be given the power to make arbitrary demands of GrapheneOS.

We've been talking back and forth with multiple regulators over the past several years about the Play Integrity API to have action taken against it. Unified Attestation is a massive disruption to our efforts and will get in the way of having regulators take action against this. We've also been considering filing a lawsuit against Google over the Play Integrity API.

Unlike Google, the companies involved in Unified Attestation don't have massive resources to defend their anti-competitive system.

@GrapheneOS why do we even need them? Like for every other platform, we have a system of just signing executable files. Why can't we do that here? Like have the developers sign their APKs and then keep that signature through the download process and then have like a way to just easily check if that signature is like who actually made it.

@cutesobri system attestation checks if the system is "secure" (well, usually that's the purpose), not if the app is authentic

@GrapheneOS

@risc @cutesobri It does check that the app is genuine but in order to do that it has to check that the hardware, firmware and operating system are genuine and it needs to be an operating system not permitting modifying or changing the behavior of the app in relevant ways without it being possible to detect it. The whole reason that it's verifying the hardware and OS is in order to prevent changing how the app works. Preventing the user changing the app is the focus, not protecting from malware.
@risc @cutesobri It's primarily promoted as protecting from malware but that's not the genuine primary purpose. It doesn't actually provide any significant protection against malware. Nearly none of the companies using it are willing to ban using devices with years of missing security patches, but they're willing to ban using alternatives. Unified Attestation is an attempt by the 3 companies involved to form a new anti-competitive, centralized system where they're the ones benefiting from it.
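An added example, not part of the thread or any project's code: a sketch of how a relying party could apply its own policy to Android hardware attestation results, allowing alternate operating systems by verified boot key fingerprint and enforcing a minimum patch level. It assumes the certificate chain was already validated and the extension fields parsed; the `Attestation` class, `evaluate` function, fingerprints and patch levels are hypothetical, constructed values.

```python
from dataclasses import dataclass

# Enum values from the Android key attestation extension schema
SOFTWARE = 0                                            # attestationSecurityLevel
VERIFIED, SELF_SIGNED, UNVERIFIED, FAILED = 0, 1, 2, 3  # verifiedBootState

@dataclass(frozen=True)
class Attestation:
    """Fields assumed already parsed from a chain-validated attestation certificate."""
    security_level: int        # attestationSecurityLevel
    device_locked: bool        # RootOfTrust.deviceLocked
    verified_boot_state: int   # RootOfTrust.verifiedBootState
    verified_boot_key: bytes   # RootOfTrust.verifiedBootKey
    os_patch_level: int        # osPatchLevel, encoded as YYYYMM

def evaluate(att, allowed_os_keys, min_patch_level):
    """Return (accepted, reasons) under this relying party's own policy."""
    reasons = []
    if att.security_level == SOFTWARE:
        reasons.append("attestation is not hardware-backed")
    if not att.device_locked:
        reasons.append("bootloader is unlocked")
    if att.verified_boot_state == SELF_SIGNED:
        # Alternate OS: accept only keys this relying party chose to allow.
        if att.verified_boot_key.hex() not in allowed_os_keys:
            reasons.append("verified boot key is not on the allowlist")
    elif att.verified_boot_state != VERIFIED:
        reasons.append("verified boot was not enforced or failed")
    if att.os_patch_level < min_patch_level:
        reasons.append("OS patch level is older than the minimum")
    return (not reasons, reasons)

# Constructed sample data: placeholder fingerprints, not any real OS key.
ALT_OS_KEY = bytes.fromhex("ab" * 32)
UNKNOWN_KEY = bytes.fromhex("cd" * 32)
ALLOWED = {ALT_OS_KEY.hex()}
MIN_PATCH = 202601

alt_os = Attestation(1, True, SELF_SIGNED, ALT_OS_KEY, 202602)
unknown_os = Attestation(1, True, SELF_SIGNED, UNKNOWN_KEY, 202602)
stale_stock = Attestation(1, True, VERIFIED, b"", 202301)

if __name__ == "__main__":
    for name, att in [("alt_os", alt_os), ("unknown_os", unknown_os), ("stale_stock", stale_stock)]:
        print(name, evaluate(att, ALLOWED, MIN_PATCH))
```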