Dear @volla, @murena, and whoever else is behind the Unified Attestation initiative - why can't you support pinning-based attestation instead of your anti-competitive stance? Oh wait... I already answered my own question. Shame on you for claiming "freedom" in your marketing. You are definitely not about our freedom!
More context and more details in this thread: https://grapheneos.social/@GrapheneOS/116287040736213258
GrapheneOS (@GrapheneOS@grapheneos.social)
If apps are required to verify the hardware, operating system and their app for regulatory reasons they should use an approach supporting arbitrary roots of trust and operating systems. Android already has a standard hardware attestation system usable for this. Android's documentation and sample libraries are biased towards Google by using them as the only valid root of trust and the API is biased towards stock operating systems but it's better than a centralized API. https://infosec.exchange/@rene_mobile/116286110700616525