Mastodawn

Leave a 1 star review for Volkswagen's apps on the Play Store asking them to stop banning GrapheneOS. Explain it's a far more secure operating system and fully possible for them to verify the hardware, OS and their app on it if they insist on doing it. It's far more secure than anything they allow.

Google has misled companies about what the Play Integrity API provides. It doesn't genuinely enforce having a secure device or legitimate app, it only pretends to. It leaves huge security holes open. It enforces Google's business interests and bans having a reasonably secure device with GrapheneOS.

Most companies are unlikely to stop using the Play Integrity API but most are willing to start permitting GrapheneOS via hardware attestation with enough pressure.

In addition to every user of their app on GrapheneOS leaving a 1 star review on the Play Store, multiple other steps can be taken too.

Every GrapheneOS user with one of their cars using the app should file a customer support request. Keep answering them and countering the template responses. Escalate the request higher up. Tell them you want money back for the vehicle due to reduced functionality after the fact and insist on it.

They can trivially stop enforcing the anti-security and anti-competitive Play Integrity API or easily add hardware-based verification of GrapheneOS. Link to https://grapheneos.org/articles/attestation-compatibility-guide in the customer support request, but don't add any links to Play Store reviews to avoid filtering.

GrapheneOS attestation compatibility guide

Guide on using remote attestation in a way that's compatible with GrapheneOS.

GrapheneOS

A bunch of apps have added explicit support for GrapheneOS due to pressure from our users. Our userbase is rapidly growing and we'll gain the ability to apply massive pressure to companies doing this. We plan to ship a feature for our Info app for people to opt-in to getting asked for their help.

GrapheneOS is production quality OS from a non-profit paying around 15 people to work on it. It's far more secure than anything supported by the Play Integrity API. We have an official partnership with Motorola and we'll have more. Just counter template responses and insist on compensation or a fix.

Erik Ellsinger 4d ago

@GrapheneOS Kia app stopped working on graphene after the latest update though :/

Erik Ellsinger 4d ago

@GrapheneOS latest update to the kia app that is

spacebug 4d ago

@ellsinger @GrapheneOS maybe contact Kia about it? Might be a bug or something else not intended

Erik Ellsinger 4d ago

@spacebug @GrapheneOS I will if it persists, just haven't had time

@ellsinger @spacebug Kia app is meant to work now but the anti-tampering stuff done by these apps is fragile and they might have broken it again.

Erik Ellsinger 3d ago

@GrapheneOS works now after the latest graphene os update!

wod0bow 4d ago

@GrapheneOS
Yes! GrapheneOS is great! The Team behind it too... But it is good to mention, that it is AOSP based... And AOSP code is not just 15 people work.
Simmilar to OxygenOS or NothingOS. It is more like distribution than the separate OS. Realy good, polished and hardened distribution of Android.
GrapheneOS, OnePlus or Nothing are still havy based on AOSP and the changes/patches that are for all Android OS'es and that are not a result of only 15 people work.
P. S. I apriciate your work!

@GrapheneOS Done ✅

@Alex2ander It would likely make sense edit it to be more directed to them as a request instead of talking about what they should do for other people reading it. It's fine as is though.

Alex ✅4d ago

@GrapheneOS Hi Team,
Please reconsider your Play Integrity API policy to allow secure custom operating systems like GrapheneOS.
GrapheneOS fully supports hardware-backed remote attestation and production-signed builds. It is often more secure than stock Android. Relying on strict Google integrity tiers blocks privacy-conscious users while creating a false sense of security, as it doesn't guarantee a vulnerability-free device.
Please adjust your app policy to permit verified, secure hardware.

Alex ✅4d ago

@GrapheneOS Done ;)

slackline :emacs: :orgmode:4d ago

@GrapheneOS Looking forward to see what comes from your work with Motorola (current and past phone have been Motorola for last nine years).

Interested to hear what other collaborations are in the pipeline too.

Frank 3d ago

@GrapheneOS your words

Jerome 2d ago

@GrapheneOS But can Motorola partner with GrapheneOS without being kicked out by Google from their ecosystem? I understood that Google required that all their stuff was installed on all Android phones from a given manufacturer?
I'd be happy if that is wrong, though.

GrapheneOS 2d ago

@dl2jml Google doesn't directly require that but they do make it hard for Motorola to sell devices with GrapheneOS. It doesn't mean it can't be fully worked around. It's also worth noting that Google's licensing model for Google Mobile Services is clearly highly illegal and has already been found to be illegal by the courts in multiple countries including South Korea. Samsung has their own unique agreement with Google now without the same restrictions and other countries should force the same.

Jerome 1d ago

@GrapheneOS So, technically I am wrong but only a little bit. Thank you for the answer!

F. to t he G 4d ago

@GrapheneOS i dont know If the Fairphone 3 is supported, but i would love to Switch to graphene, after the Support ran out

@BigDvsRL GrapheneOS is not an OS to use on end-of-life devices. It's a production quality OS with far stronger privacy and security than standard AOSP and especially regular Android devices.

Fairphone 3 is an insecure device on an insecure end-of-life Linux kernel branch for years already. Fairphone misses many standard privacy or security patches. The ones they provide come many months late. It was also missing important hardware-based security features at launch and is missing far more now.

F. to t he G 3d ago

@GrapheneOS yeah, noticed that after googling 😓

flotmjor938382 4d ago

I didnt understand what you meant by the opt in feature you explained. Do you care to explain more in depth what you meant?

With kind regards

@flotmjor938382 Our Info app will have toggles to opt-in to receiving different kinds of requests for help from us such as requests for help testing certain apps, carriers, etc. We could make it so people can opt-in to receiving a request for help testing if their carrier is on a list of carriers we need help testing with through the Info app checking if it's relevant to them. Similarly, it could detect if people can help with testing an app or pressuring the app devs to unban GrapheneOS.

flotmjor938382 3d ago

I see, sounds like an good idea if the resources are their.
Thank you for the reply.

Mastoli 4d ago

@GrapheneOS Done.

troitregrouloinu 3d ago

@GrapheneOS I'm a daily user of GrapheneOS and love it, but services adding GrapheneOS keys is barely a better situation, it is still massively anticompetitive.

GrapheneOS criticizes the e/os/ UnifiedAttestation cartel, but pushes for the same thing?

Remote Hardware Attestation has nothing to do with actual security (verified boot has).

The solution is not technical, it's political, we need to ban Remote Hardware Attestation. Maybe under some Anticompetitive laws we could have a chance?

Frank 4d ago

I don't use #spotify much and I'm even thinking about deleting my account soon

But lately, I've noticed this little "Play Integrity API usage" window whenever I use Spotify on GrapheneOS

Is this something to be worried about?

SkyBlitz 4d ago

@frank @GrapheneOS it'w why i bought my music and now use syncthing to sync them.

now they cannot block my music anymore

Frank 4d ago

@skyblitz @GrapheneOS

Spotify isn't blocked or anything, but I just don't exactly know what it is.

This windows shows up the moment I hit play.

Lately, I've been thinking about deleting Spotify and use NextCloud music instead.

SkyBlitz 4d ago

@frank @GrapheneOS if i where to guess, they implemented it but "yet" not enforce it to catch bug, and later they will enforce it and will stop after an update.

so if you want to maintain it, it's now to report the issue.

but i decided another road, exported the name of all my music, and bough all of them.

Matt 3d ago

@frank It's nothing you need to worry about as long as the app is satisfied with the result and continues to work. But from what I see at friends' Spotify is enshittifying at record pace, so even without considering the company's investment in AI weapons or their treatment of artists it's a good idea to ditch it.
@skyblitz @GrapheneOS

SkyBlitz 3d ago

@menos @frank @GrapheneOS at the end of the day i buy what i could from bandcamp so artist win more on my purchase that anything any of my subscription would have given them.

for older artist with pocket full of money i hunted physical disk that i have ripped.

and the rest from quobuz.

if and only if i didn't find them on purchase legally, i had been a little more innovative from the where i found them.

Edit: only 1 music is in this last case, that is a little more exotic.

thomas 4d ago

@GrapheneOS
More generally, the point of this kind of attestation in the general public is always to enforce developer's interests *against* the user. Often also anti-competitive. Even if they supported GrapheneOS at some point, general OS development would still be blocked. And even you as GrapheneOS would make yourselves dependent: They can always threaten you to withdraw attestation if they don't like your future plans for even better privacy protection against their abuse.

Klaus Frank 4d ago

Or you just say that you got a "NitroPhone" by your employer and that their app doesn't work on it. That phone is just a google pixel with GrapheneOS preinstalled and white labeled.

Don't get technical, just be a dumb user that doesn't know more than their app doesn't work on your phone you bought.

That typically works best.

Klaus Frank 4d ago

If one of their execs then googles what a NitroPhone is they'll find this product page: https://shop.nitrokey.com/shop/nitrophone-10a-988#attribute_values=134,124,250

and similar listings that explain all of the security benefits and clearly advertise it to high security business customers.

So they'll just tell their tech departments to make it work there :p

(It did work for banking apps for me, so...)

NitroPhone 10a

shop.nitrokey.com

Klaus Frank 4d ago

Oh and also funnily Volkswagen is listed as one of the customers of NitroKey, so their execs probably at least already know the company name. Therefore you've basically already a foot in the door that way too.

Sebastian Eichholz 4d ago

@GrapheneOS done

@GrapheneOS Done.

The same company known for using bad software in their cars? Shouldn't they already have one star? 🤣

Iris Young (he/they/she) (PhD)3d ago

@GrapheneOS jsyk this is pretty solidly within the definition of harassment and possibly could get you in legal trouble (not a lawyer, not legal advice) and of course reputational damage.

I've been really concerned with adversarial behavior and negative comments being the entire activity of this account, to be frank, and I really think you should reevaluate what you're doing here. I unfollowed some time ago and am pondering a mute or block if this keeps getting boosted into my feed.

Frank 3d ago

@GrapheneOS not because of you... Just because the car has bad software

F 4d ago

@GrapheneOS
I think you might have answered this before, but is there any way to make your OS look different to applications to circumvent the ban?

@zm No, there's no feasible way to do that. They're mostly using the Play Integrity API to ban using anything not certified by Google. It's highly resistant to bypassing the checks at scale and uses hardware-based attestation when available. Strong integrity level fully requires hardware-based attestation which can't be spoofed but rather would require leaked keys which can be revoked after detecting it via fingerprinting. The currently more common device integrity level partially requires it.

@zm We do regularly work around apps incompatible with our privacy and security protections or very rare cases where apps have specifically banned GrapheneOS. We can't realistically do anything about the Play Integrity API device and strong integrity levels from technical angle. It would be very fragile and would keep breaking even if they didn't directly stop us doing it, but they would since they directly detect and counter spoofing that's being done at scale.

Everything involves a lawyer and lobbiests. Does google's APIs count as a monopoly in your country - that is the first place I would look. However you are looking at large lawyer bills to prove it.

McNeely 4d ago

@GrapheneOS oh snap thanks for sharing! This is literally the rain I stopped using custom ROMs for a few years

Herman 🇪🇺🇺🇦🇾🇪🍋4d ago

@GrapheneOS Just don’t buy Volkswagen.

@Herman People already bought those cars and need them to stop banning GrapheneOS so a pressure campaign is needed. It worked with other companies and will work again.

donamasta 4d ago

@GrapheneOS they lost a potential customer.

Kerplunk 4d ago

@GrapheneOS
Hyundai and Kia added official GrapheneOS support to their apps months before Volkswagen banned GrapheneOS:

I honestly do not care about VW, my last customer experience was utterly horrific.

That company, Never ever again.

n_to 4d ago

@GrapheneOS I've been working as an external consultant for Volkswagen and they can't tell their arse from their elbow. No sane decisions will be made in their companies. (Nothing against the DEVs there. Fine people. But their management could fill several volumes of Dilbert-comics.)

@n_to They'll change their mind about this after their app gets tens of thousands of legitimate 1 star reviews and their customer support system is thoroughly clogged with legitimate support requests from their customers demanding compensation for banning GrapheneOS.

Claire McNab 4d ago

@GrapheneOS It seems that a decade after Dieselgate, some people have not quite twigged that VW is a conspiracy of monsters. It's not even as if there was something new in the whole concept of German industrialists doing really really shitty things with gases.

Don't buy VW. OK?

Brad Macpherson 4d ago

@2legged @GrapheneOS Hitler's Revenge keeps on revenging...