GrapheneOS
Open source privacy and security focused mobile OS with Android app compatibility. Forum, Discord and Matrix: https://t.co/C0RaJbZosj

Oct 10, 2024, 9 tweets

@LysolPionex @Authy Sandboxed Google Play compatibility layer does not require using a work profile, user profile or Private Space for the apps to be sandboxed. They're sandboxed if you use them in your main Owner profile too. Putting it in a separate profile just keeps it a bit more separate.

@LysolPionex @Authy SafetyNet Attestation API was deprecated a while ago and is nearly entirely phased out. It was replaced by the Play Integrity API. Both of these things work fine with sandboxed Google Play. The issue is they largely exist to support services banning any non-Google-certified OS.

@LysolPionex @Authy The weak Play Integrity API level used by most of the services enforcing it can be spoofed, but it requires pretending to be an old device without hardware attestation which they can detect and block with their Play Integrity API hardware fingerprinting. Enforcement is delayed.

@LysolPionex @Authy Doing this kind of spoofing would be quickly blocked if it was deployed in an OS with over 250k users where around half of those are using sandboxed Google Play and would be triggering the spoofing for the fingerprinting to detect. We can't solve this problem ourselves.

@LysolPionex @Authy App developers should stop banning using non-Google-certified operating systems. If they insist on still checking the operating system, they can follow our guide at grapheneos.org/articles/attes… to use hardware attestation for permitting using GrapheneOS in addition to the stock OS.

@LysolPionex @Authy It's unrealistic to get every app developer to do this or even most of them since they do not care and largely do not even understand what the Play Integrity API does. It's a fake security feature and being adopted as such to pretend to care about security, often by contractors.

@LysolPionex @Authy The solution is regulatory or legal action against Google forcing them to permit GrapheneOS to pass the device and strong integrity levels without us doing their restrictive certification with highly inappropriate requirements. Alternatively, the OS enforcement could be banned.

@LysolPionex @Authy It has nothing to do with security since they permit devices with 8 years of no security patches but not a much more secure OS than the most secure OS they certify. Google shouldn't get to choose where apps can be compatible based on their anti-competitive certification system.

@LysolPionex @Authy Regulatory action against Google stopping them from doing this is the solution. Legal action could be a substitute for that if governments continue being far too slow at acting on Google cracking down on any form of new mobile OS wanting Android app compatibility with this API.
