UnifiedAttestation: European, open source Google Play Integrity alternative on the horizon, could impact banking & government apps.

https://lemmy.world/post/44736392

cross-posted from: https://lemmy.world/post/44736295

> A consortium consisting of multiple interested parties including Murena, i.e. /e/ OS, iodéOS, and Volla, is working on an open source alternative to the Google Play Integrity API, which is to be offered on smartphones that are not running a Google-certified Stock ROM.
>
> For those who do not know, the Google Play Integrity API is Google's official security and anti-abuse framework that lets Android apps verify that they are running on a genuine, i.e. unmodified device, installed from Google Play, and not being tampered with.
>
> Sadly, this framework tends to discriminate against Custom ROMs, i.e. operating systems that are not running Google's apps and services, no matter their actual device security state.
>
> Full Google Play Integrity is tied to the ROM being certified by Google, and running Google apps and services - many banking and government apps make use of it right now.
>
> ___
>
> The consortium around UnifiedAttestation wants the new framework to rest on three foundations:
>
> - it will be part of the operating system, apps can add support for it with a few lines of code
> - operation of the validation service will be decentral
> - an open test suite for checking and certifying operating systems on specific devices
>
> ___
>
> The whole thing will be open source, developed under the Apache 2.0 license.
>
> Developers of Scandinavian government apps have already indicated interest, considering the project a first mover for Europe.
>
> ___
>
> Personal comment: I think it's good that there is now a validation service for government & banking apps that is not tied to Google's infrastructure, and more crucially does not require Google's apps and the Play Services to be installed.

I hate these apps that don’t work if you have developer mode enabled. How brain dead stupid is that?

Security by obscurity is a joke

Correct. Anyone with intention or experience will not be deterred by obscuration. With modern tools and techniques, they will hardly be delayed. Obscuration is not security.