Przejdź do głównej zawartości
RE: https://mastodon.social/@fsfe/116131145887510612

@volla has initiated the industry consortium #UnifiedAttestation for an open-source alternative to Google Play Integrity. That will be a game-changer. All major European OS producers are joining. We have a golden opportunity now to boot out Google.

Free Software Foundation Europe

2026-02-25 11:57:38


#KeepAndroidOpen

The :fsfe: FSFE signed an open letter addressed to Sundar Pichai, CEO of #Google, regarding Google's announced policy requiring all #Android app developers to register centrally with Google to distribute applications outside the Google Play Store.

https://keepandroidopen.org/open-letter/


An Open Letter to Google regarding Mandatory Developer Registration for Android App Distribution

Open Letter to Google Regarding Mandatory Developer Registration for Third-Party App Distribution
keepandroidopen.org
#unifiedattestation @Volla
GrapheneOS
Unified Attestation is the direct opposite of keeping Android open. It's an anti-competitive centralized system putting Volla and other companies selling devices working with them in control of which devices and operating systems people are allowed to use. It's the direct opposite of open. There's nothing neutral or fair about companies approving using their products while disallowing others. Unified Attestation needs to be stopped.

https://grapheneos.social/@GrapheneOS/116239523775374959

GrapheneOS

2026-03-16 15:19:34


Android provides a standard hardware attestation system with support for alternate operating systems via allowing their verified boot key fingerprints. It's mainly used with Google's root of trust and remote key provisioning service but the API supports alternative roots of trust.

Volla's Unified Attestation is fully built on Android's hardware attestation API. It solely exists to create a centralized authority and service determining what's allowed under their control.

mastodon.social/@volla/1162387…

@volla@mastodon.social:
🔐 Introducing: Unified Attestation
An open-source project for verifying the integrity of Android apps—as an alternative to Google's Play Integrity.

The goal is to make apps such as banking and payment apps usable on independent Android systems without relying on Google services.

We invite developers, ROM projects, and app providers to get involved.

uattest.net/

#Volla #VollaOS #OpenSource #software #hardware #Privacy #Security #DeGoogle


GrapheneOSudostępnił to.

Vollaficationist
@GrapheneOS Which companies are "disallowed" to partake in #UnifiedAttestation? You have formally and informally been cordially invited. As are any and all other OS manufacturers. Please, let's ease the tone. What about a constructive talk? I believe we should support one another wherever possible and meaningful. Considering the vast market potential, we have all much to gain. Some will choose GOS, some VOS, etc. It's a big cake. Let's ditch Google - unified. Good day!
#unifiedattestation @GrapheneOS
GrapheneOS
Unified Attestation includes multiple companies hostile towards GrapheneOS. They've spent years misleading people about GrapheneOS and making attacks on our team. Unified Attestation gives them veto power over app compatibility on GrapheneOS. It puts them in a position where they can harm GrapheneOS with unreasonable requirements and disingenuous concerns to reduce app compatibility. It's also clearly an illegal anti-competitive cartel and participating wouldn't be legal.
GrapheneOS
Unified Attestation is nothing more than an anti-competitive power grab via a centralized service sitting on top of Android hardware attestation. There has yet to be any valid explanation for why this has been created. It would be entirely possible to have neutral organizations certifying devices and publishing those certificates as signed data usable with Android hardware attestation. There's no valid reason to have a centralized service under the control of these companies.

GrapheneOSudostępnił to.

HowToPhil (Phillip R)
@GrapheneOS There's no reason to stop people from running Android on "non-certified" devices at all
@GrapheneOS
GrapheneOS
Volla and the other companies involved in Unified Attestation are anything but neutral. They're selling products and are in no position to fairly evaluate devices for security or to come up with those requirements. These companies should not be the ones choosing requirements and determining which devices and operating systems meet those requirements. Forming a cartel with other companies to lock out everyone else isn't legal. We won't be participating and it WILL be stopped.
Vollaficationist
@GrapheneOS This is currently being discussed. Nothing is written in stone. One way is to have an independent third-party highly renowned institution do test and certification. Please consider that UA is still very much "under construction." Please also note that we respect GOS' work, which is why we reached out to you half a year ago.
@GrapheneOS
GrapheneOS
GrapheneOS won't participate in any system which requires us to delay our releases while waiting for certification. That's inherently anti-security and is completely unacceptable. We also won't give any companies or organizations veto power over app compatibility on GrapheneOS. It's a horrible idea and we're not going to let it happen. We won't participate and we'll file a lawsuit over the fact GrapheneOS is being banned by companies selling products threatened by GrapheneOS.
GrapheneOS
The EU has been passing laws working towards banning end-to-end encryption and secure devices. It's completely unacceptable to have an EU-based system controlling which hardware and software is allowed to be used. GrapheneOS is not going to participate in bringing about our own downfall through helping to build or legitimize a system which could be used by EU governments to ban GrapheneOS. Play Integrity API should be banned rather than giving it legitimacy making another one.

Aral Balkanudostępnił to.

GrapheneOS
Android hardware attestation can already be used to permit arbitrary roots of trust and arbitrary operating systems. There's no need for a centralized system based in Europe built on top of it.

It would be better if root-based attestation didn't exist because it's fundamentally insecure for anything serious and primarily useful for anti-competitive and authoritarian purposes. Pinning-based attestation is what's useful for protecting users rather than controlling people.

Aral Balkanudostępnił to.

GrapheneOS
We've been actively fighting against the Play Integrity API for years and now. Unified Attestation is another anti-competitive system very similar to it. We're absolutely going to fight against it as much as we have been against the Play Integrity API. Android hardware attestation is an issue itself due to being primarily designed around root-based attestation. We convinced them to add proper pinning-based verification support to make it a real security feature for our usage.

2 użytkowników udostępniło to dalej

GrapheneOS
In Operation Trojan Shield, a bunch of European states worked with the FBI to sell backdoored devices to organized crime. They marketed these devices as being based on GrapheneOS or as running GrapheneOS. They harmed the reputation of GrapheneOS by marketing it to criminals and put us at high risk of physical harm by violent criminals. More recently, multiple European states are attacking actual GrapheneOS falsely claiming it's mainly used by criminals.

https://darknetdiaries.com/episode/146/

ANOM – Darknet Diaries

In this episode, Joseph Cox tells us the story of ANOM. A secure phone made by criminals, for criminals.
darknetdiaries.com

GrapheneOSudostępnił to.

GrapheneOS
Europe passed Chat Control and it's clear many of the countries involved are going to be pushing additional laws to further crack down on end-to-end encryption and secure devices. France has come out as by far the strongest opponent of privacy technology among European countries and is where both iodé and Murena are based. Why would we want to participate in a system where the EU can ban GrapheneOS if we don't comply with authoritarian laws cracking down on secure devices?

GrapheneOSudostępnił to.

Vollaficationist
@GrapheneOS I can not relate to this, unfortunately. I focus on an opensource alternative to googlag. Looking forward. Positively, constructively. Let's say UA becomes a success. Well, GOS is free to do their own thing. As are everyone else.
@GrapheneOS
GrapheneOS
Unified Attestation is working towards eroding people's rights within the European Union and beyond. Play Integrity API is bad enough but at least it can be fought against in Europe by taking advantage of people not wanting a US company in control of which hardware and software they're allowed to use. Unified Attestation is directly undermining our efforts to fight against the Play Integrity API in Europe which were starting to get traction. We now have to focus on UA instead.

GrapheneOSudostępnił to.

Dźwiedziu
Just be careful that it doesn't become OpenTorment or LibreNexus.

@GrapheneOS
@GrapheneOS
nelson abel - hombre vivo
@GrapheneOS las practicas de los gobiernos como la coersion y violencia también son usados por los delincuentes... Así que deberían eliminarse también los gobiernos... Los cuchillos y armas de fuego también... Los bates de béisbol también lo usan...y no los han eliminado... La amenaza de daño si no les das un porcentaje muy alto de tu valor es usado por gobiernos y estos no han sido eliminados aun...etc...
@GrapheneOS
anon_4601
True.
I’ve read articles in Italian & Dutch outlets talking about the ‘danger’ of GrapheneOS, falsely claiming it's a phone for criminals. Some articles mentioned the new European Digital Wallet for storing IDs and payment cards; countries like Italy announced it wouldn't work on non-standard operating systems, only stock Android, iOS and GarminOS (all American companies). Some banks have lobbied against GrapheneOS and rushed to publish articles taking a similarly accusatory tone.

In fact, these are campaigns led by the far right. They are the same people pushing for age checks on all OSs in the U.S., the same Nazis who pushed in the EU for ‘Chat Control’—who, in the name of combating pedophilia, were prepared to launch a ‘Stasi 2.0’ rather than look at those Epstein files...

This just goes to show that I made the right choice in opting for GrapheneOS... the day I’m forced to use something else will be the last day I’ll ever own a phone.
Ten wpis został zedytowany (3 miesiące temu)
GarretSidzaka
@GrapheneOS
If they did this, the entire Trojan Shield OP was just pre-work to ban GrapheneOS....not arrest criminals.
@GrapheneOS
Vollaficationist
@GrapheneOS Will you really? And you didn't Google? Now I'm actually really getting worried about the status of GOS. Well, I wish you the best.
@GrapheneOS
GrapheneOS
Yes, we'll file a lawsuit against each company involved in Unified Attestation for the damages done by their anti-competitive cartel to GrapheneOS. It's likely not only going to be us filing this lawsuit. We can work with many other stakeholders interested in stopping creeping authoritarianism in Europe eroding people's right to use whatever hardware and software they want to use. You're working alongside politicians pushing expanded Chat Control. This is perfect for them.

GrapheneOSudostępnił to.

Guillaume
@GrapheneOS Funny how you don't answer on the Google-part. Why don't you attack them since they control the whole Android ecosystem, making it a mess to anyone to do things different and are pushing to close it even more. Last time you replied you just said Google has more money for lawyers...
@GrapheneOS
GrapheneOS
@guilg We've been actively fighting against the Play Integrity API for years. We were making substantial progress in both Europe and India. We've also been coordinating with multiple other companies towards filing a lawsuit against Google. Unified Attestation is an enormous gift to Google helping to legitimize what they're doing with the Play Integrity API. Volla is playing into the hands of authoritarians who want systems disallowing people using arbitrary hardware/software.
@Guillaume

GrapheneOSudostępnił to.

Vollaficationist
@GrapheneOS @guilg So, years with no fruit.
@GrapheneOS @Guillaume
GrapheneOS
@guilg Substantial progress has been made with regulators. Separately from that, we convinced over a dozen apps to stop using the Play Integrity API. You're actively sabotaging all of these efforts.
@Guillaume
Vollaficationist
@GrapheneOS @guilg That's not substantial. That's a dozen. We aim higher, muuuch higher. UA will v also need to work with app-devs. That's the way it is.
@GrapheneOS @Guillaume
GrapheneOS
@guilg Very few apps have adopted the Play Integrity API. Convincing a dozen banking apps not to adopt it is very substantial. You're actively sabotaging both our efforts to convince apps not to ban using arbitrary operating systems and also our efforts to convince regulators to stop the Play Integrity API. You're actively working against what we are and yet you think we're going to want to participate. We do not want a group of EU companies in control of this either.
@Guillaume
Chuckles
@GrapheneOS @guilg it's an ugly deal that the @EUCommission has made with the tech giants in exchange for #ChatControl and #DigitalOmnibus
#chatcontrol #digitalomnibus @GrapheneOS @Guillaume @European Commission
Vollaficationist
@celeduc @GrapheneOS @guilg @EUCommission Volla develops not only devices or OS, or AI and more. It's also developing a new ecosystem as well as an infrastructure. Full decoupling. A fully, autonomous communications system. GOS is a hundred thousand miles from this, right. They do googlag-ware and now even Moto, lol.
@GrapheneOS @Guillaume @Chuckles @European Commission
GrapheneOS
@celeduc @guilg @EUCommission Volla sells white labelled devices from an ODM. Your devices don't come close to the security of an iPhone or Pixel. You're making extraordinarily inaccurate attacks on the GrapheneOS project. We're absolutely working on building alternatives to the functionality provided by Google Play and much more. We're actively collaborating with other projects sharing the same goals and approach we have. Volla does not share our goals or approach.
@Guillaume @Chuckles @European Commission

GrapheneOSudostępnił to.

Vollaficationist
@GrapheneOS @celeduc @guilg @EUCommission I hoped you'd come to this. GOOGLAG is better, right?!? And iPhone... Well, I rest my case. Perhaps you are not who you claim to be? Sure, you're registered in Canada. Registered.
@GrapheneOS @Guillaume @Chuckles @European Commission
GrapheneOS
@celeduc @guilg @EUCommission You've made it clear you work for Volla. Your posts have been repeatedly written as speaking on their behalf and you've posted non-public information which would only be known to people working at Volla. You're repeatedly making disingenuous attacks on GrapheneOS portraying it as a honey pot and a conspiracy. A company which engages in these tactics to harm GrapheneOS is absolutely not a company which should control what's allowed to be used.
@Guillaume @Chuckles @European Commission

GrapheneOSudostępnił to.

Vollaficationist
@GrapheneOS @celeduc @guilg @EUCommission my dear friend, you did googlag-ware, and now Moto. It's quite amusing just how vigorously you defend American BigTech. Now disclose who is funding this social media frenzy.
@GrapheneOS @Guillaume @Chuckles @European Commission
Daniël
@celeduc @GrapheneOS @guilg @EUCommission And the Volla Phone Quintus is the Daria Bond 5G from an Emirates company (marked up by 560 Euro). Given that Eurowashing, maybe attacking GrapheneOS for using Pixel hardware is a bit rich? At least Pixel has proper device security.

Back to to the original topic. I only have a stake in this as an EU citizen, but having a small set of companies decide who can run what is bad, it's another attack on the freedom of EU citizens.
@European Commission
Karsten
@danieldk
I would agree to the lower paragraph and add the following thought:
Maybe it would be wise to not let the only companies with privacy in the mind get divided. Arguments ad hominem are not very convincing.
@vollaficationist @celeduc @GrapheneOS @guilg @EUCommission @GrapheneOS
@GrapheneOS @Guillaume @Chuckles @European Commission @Vollaficationist @Daniël
Daniël
@khw @celeduc @GrapheneOS @guilg @EUCommission Centralized remote attestation is diametrically opposed to privacy, since it makes projects vulnerable to pressure to weaken security & privacy, delay updates, etc.

AFAIK the support for remote attestation that is already provided in AOSP does not suffer from this issue, because there is not a single entity that enforces it (banks can whitelist signing key fingerprints).

So the only reason I can think of is control.
@GrapheneOS @Guillaume @Karsten @Chuckles @European Commission
Daniël
@khw @celeduc @GrapheneOS @guilg @EUCommission This is not just a theoretical concern.

Some European countries border on autocracy. Imagine that this initiative is successful. An autocrat could pressure Volla et al. to only attest phones that have a chat backdoor under the thread of banning them from the market.

It is anti-privacy, anti-security, and anti-freedom.
@GrapheneOS @Guillaume @Karsten @Chuckles @European Commission
Karsten
@danieldk
But that has nothing to do, whatsoever, with the attestation. That said state could pressure volla et al that only phones with backdoor are allowed in the EU.
@vollaficationist @celeduc @GrapheneOS @guilg @EUCommission
@GrapheneOS @Guillaume @Chuckles @European Commission @Vollaficationist @Daniël
GrapheneOS
@khw @danieldk @celeduc @guilg @EUCommission It has everything to do with a centralized attestation system. Once this system starts being adopted, the EU can require it for banking/government apps as they began the process of doing with the Play Integrity API. They can then hijack it and begin enforcing their own requirements such including disallowing encryption without backdoors. There should be no organization in charge of which devices and operating systems are allowed.
@Guillaume @Karsten @Chuckles @European Commission @Daniël

GrapheneOSudostępnił to.

GrapheneOS
@khw @danieldk @celeduc @guilg @EUCommission If companies insist on permitting only certain devices and operating to be used then the system should be one that's distributed around the world with multiple neutral organizations not tied to the companies making devices or governments. However, delaying updates for certification is inherently anti-security. It would be impossible to quickly ship security patches without breaking compatibility with many important apps.
@Guillaume @Karsten @Chuckles @European Commission @Daniël
Karsten
@GrapheneOS
But they, the EU, can do this all along. No matter if there is something like attestation or not.
@danieldk @vollaficationist @celeduc @guilg @EUCommission
@GrapheneOS @Guillaume @Chuckles @European Commission @Vollaficationist @Daniël
GrapheneOS
@khw @danieldk @celeduc @guilg @EUCommission Attestation enables them to enforce it. Otherwise, people can import devices not complying with the rules they place on devices sold within Europe. Banning people from using devices from elsewhere is far more extreme and oppressive so that's a lot less likely. It's also far harder to enforce and if things have gotten that bad then many people are going to be unintentionally breaking oppressive laws regardless.
@Guillaume @Karsten @Chuckles @European Commission @Daniël
GrapheneOS
@khw @danieldk @celeduc @guilg @EUCommission Being able to take away compatibility with banking and government apps based on a system imposing arbitrary rules with certification required for each release is authoritarian. Regardless of the motivation for building this kind of system, the end result is a powerful tool for a police state. Root-based attestation is inherently anti-competitive and primarily useful for controlling people rather than protecting people.
@Guillaume @Karsten @Chuckles @European Commission @Daniël
GrapheneOS
@khw @danieldk @celeduc @guilg @EUCommission Pinning-based attestation is a useful security feature for protecting users and has little potential for abuse to prevent competition and enforce authoritarian laws. Root-based attestation is what causes those problems. Root-based attestation has poor security since it depends on none of the TEE/SE implementations getting exploited with their keys extracted. Not much of a security feature when any leaked key can be used to bypass it.
@Guillaume @Karsten @Chuckles @European Commission @Daniël
Karsten
@GrapheneOS
I guess I don't know enough about THW difference. So you have a link to an explanation?
@danieldk @vollaficationist @celeduc @guilg @EUCommission
@GrapheneOS @Guillaume @Chuckles @European Commission @Vollaficationist @Daniël
Karsten
@GrapheneOS
That's true but essentially they could forbid it, even with higher impact and less success
@danieldk @vollaficationist @celeduc @guilg @EUCommission
@GrapheneOS @Guillaume @Chuckles @European Commission @Vollaficationist @Daniël
Vlad_3301
@GrapheneOS @guilg Если бы помогли выиграть России суд над гуглом, где долг исчесляеться 37 нулями .
То денег на таки суды бы им не хватило. 🤣
@GrapheneOS @Guillaume
Vollaficationist
@guilg @GrapheneOS I suspect GOS is more, or different, from what they state they are. And from where do we always see v projection?
@GrapheneOS @Guillaume
Vollaficationist
@GrapheneOS please, how many people are hired by GOS for being all over social media 24/7? This day is my first and only day doing this. Would you guess why?
@GrapheneOS
Vollaficationist
@GrapheneOS If it's illegal in Canada, well, then I'm sorry to hear that. Volla is seeking constructive collaboration, and the entire design of the UA is set for open and transparent collaboration. You know, if we could sidestep Google, we would all gain: the companies involved, the citizens, organisations and companies, as well as security itself.

As for Canada law, would it be possible (legal) for you to get certificated by UA (without actively partaking in the consortium)?
@GrapheneOS
GrapheneOS
Unified Attestation is illegal throughout Europe too. We'll be filing a lawsuit against each of the companies. It's an illegal anti-competitive cartel and none of these companies has any right to determine whether apps are compatible with GrapheneOS. That's fundamentally illegal and it needs to stop before going any further. Multiple companies which have engaged in years of underhanded attacks on the GrapheneOS project are not going to be in charge of whether apps can be used.
GrapheneOS
Murena and iodé are have spent years attacking the GrapheneOS project. They've relentlessly mislead people about what it provides to promote their products. They've misled people about what their own products with atrocious security provide. We began debunking their claims so they began making personal attacks on our team including spreading vile harassment content. We'll never give these companies veto power over app compatibility on GrapheneOS and we won't work with them.
Xtreix
An anti-competitive cartel violates the principle of fair competition not only in Canada but in most countries, including the EU.

https://competition-policy.ec.europa.eu/antitrust-and-cartels_en

Unified Attestation is an initiative with Murena, Iodé, and Volla, three untrustworthy for-profit companies that want to copy Google Play Integrity API, which is already abusive and illegal, to manipulate the market and impose their misleading standards.

There is nothing neutral about it, and the fact that it’s “open-source” doesn’t change a thing.

Antitrust and Cartels

Antitrust and Cartels Overview
Competition Policy
Ten wpis został zedytowany (3 miesiące temu)
meowki
@Xtreix @GrapheneOS So what are the alternatives? Sandboxed google? Not having banking apps? Not having alternative payment apps?
The issue is that banks are required to have this attestation by credit card companies.
@GrapheneOS @Xtreix
Xtreix
@meowki @GrapheneOS Most banking apps work well on GrapheneOS; check out this list : https://privsec.dev/posts/android/banking-applications-compatibility-with-grapheneos/

The attestation compatibility guide is a good, neutral approach that is not controlled by a centralized authority : https://grapheneos.org/articles/attestation-compatibility-guide

Unified Attestation threatens the compatibility of apps for developers who refuse to participate in their illegal cartels. This seriously undermines the efforts of a project like GrapheneOS, which strives to make as many Android apps as possible compatible with a truly secure and privacy-respecting operating system, one without user accounts, AI, age verification, client-side analysis, or any default Google services nor any other tech companies, etc

We need to support it because there’s no one else doing what GrapheneOS does.

Banking Applications Compatibility with GrapheneOS

Maintained Compatibility List for International Banking Apps This list includes banking apps that have been tested, submitted, reviewed, and verified as compatible.
akc3n, Tommy, spring-onion (PrivSec - A practical approach to Privacy and Security)
@GrapheneOS @meowki
Ten wpis został zedytowany (3 miesiące temu)
meowki
@Xtreix I still think it’s an issue that google play services is required for this to work. We need an alternative to this.
@Xtreix
Xtreix
@meowki It would be great if banking apps could work without Google Play Services; that said, keep in mind that on GrapheneOS, you install Play Services and Google Play as standard, non-privileged apps that run in the hardened sandbox.

This is a significant difference compared to stock Android, where Google Play Services runs as a system app with elevated privileges that you cannot control. MicroG works in the same way and is often mistakenly presented as a more private alternative to Google Play Services.

What cross-app sandboxing doesn't protect is communication between apps based on mutual consent. If you install Instagram and Facebook on the same profile, the apps still only have access to what you authorize them to access, but since they belong to Meta, they could exchange telemetry data with each other.

To stop this, the solution is to use a system-wide secondary profile, which offers excellent isolation but is somewhat cumbersome to use, or the private space, which provides less robust isolation but is easier to use. This decision really depends on your threat model and whether or not you consider plausible communication between these applications to be acceptable.

https://grapheneos.org/usage#sandboxed-google-play

GrapheneOS usage guide

Usage instructions for GrapheneOS, a security and privacy focused mobile OS with Android app compatibility.
GrapheneOS
@meowki
meowki
@Xtreix ok, but what about other operating systems such as SailfishOS? https://forum.sailfishos.org/t/unified-attestation/28249/9 Security asside (I get that GOS is more secure).But this may open up payment apps support for alternative systems. Are there other alternatives to UA there?

Unified Attestation

There is nuance, as always. Not everyone uses GPI, as there are several “Integrity Check” and “App Security” frameworks on the market. From my experience, only the “hardliners” like some payment apps and the entertainment industry tend to use it.
Sailfish OS Forum
@Xtreix
Xtreix
@meowki SailfishOS is a scam who has collaborated with the Russian government before the invasion of Ukraine and continues to have ties to the Russian government. AuroraOS, used by the Russian government, is a fork of SailfishOS.

Curve Pay work well on GrapheneOS for the contactless payment, available for EU users currently, and I recently discovered a interesting a project that look interesting, which is actually in development.

"Are there other alternatives to UA there?"

Unified Attestation is an alternative of Google Play Integrity API, both are abusive, illegal and completely useless.

The AOSP attestation hardware is available since Android 8, is functional, and is neutral.

https://github.com/eu-digital-identity-wallet/eudi-app-android-wallet-ui/issues/287#issuecomment-4085348754

https://www.curve.com/

https://walt.is/

https://techcrunch.com/2016/11/29/jollas-sailfish-os-now-certified-as-russias-first-android-alternative/

https://en.wikipedia.org/wiki/Aurora_OS_(Russian_Open_mobile_platform)
@meowki
Ten wpis został zedytowany (3 miesiące temu)
meowki
@Xtreix
It’s obvious to me that GOS is not really about de-googling, but rather to harden the security of Android.

Curve requires google play services. If that is where the GOS is comfortable it’s not an issue to me. However, we still need alternatives w/o GP.

Where I find it a bit discomfortable is the constant accusations that others are scammers/lying.

https://forum.sailfishos.org/t/plea-for-official-statement-from-jolla/10430/40

Do you have recent proof they are collaborating with Russia?

Anything you would like to add to this @jolla ?

Plea for official statement from Jolla

Jolla has no longer active business or exports to Russia, the business was ramped down during 2021. We continue to offer the independent European OS for all who want freedom of choice and value digital independence.
Sailfish OS Forum
@Xtreix @jolla
GrapheneOS
@meowki @Xtreix @jolla@techhub.social

> It’s obvious to me that GOS is not really about de-googling, but rather to harden the security of Android.

GrapheneOS is a privacy project. It's focused on privacy above everything else. Privacy depends on security.

You're presenting posts from an account which doesn't belong to GrapheneOS or any of our team members as if it's from us...

> Where I find it a bit discomfortable is the constant accusations that others are scammers/lying.

They should stop doing it.
@Xtreix @meowki
GrapheneOS
@meowki @Xtreix No, GrapheneOS is a privacy project. It's focused on privacy above everything else. Privacy depends on security.

Privacy does not mean specifically avoiding Google services while using more privacy invasive services. Your reasoning for why Curve isn't a private option is extremely wrong. It's not the reliance on Google Play services which makes it bad for privacy.

You're presenting statements from an account not belonging to GrapheneOS or any of our team members as from us...
@Xtreix @meowki
GrapheneOS
@meowki @Xtreix You appear to be confusing Jolla and Volla with each other. Those are completely different companies. Jolla's partnership and ownership by the Russia government from 2015 through 2023 is well documented public information. What do you expect to be proven about something which was very openly acknowledged by them? Their bankruptcy restructing in 2023 got rid of Russia's ownership of Jolla but doesn't change that it's a largely closed source OS which was developed with that regime.
@Xtreix @meowki
GrapheneOS
@meowki @Xtreix Unified Attestation is entirely built on top of the standard Android hardware attestation service. The sole purpose it serves is to centralize control over what's allowed to be use. It exists so that the companies involved can convince apps to adopt their own API for verifying devices where they permit their own products while forbidding everything else. It has no legitimate purpose over using standard Android hardware attestation API which is fully usable outside Android too.
@Xtreix @meowki
GrapheneOS
@meowki @Xtreix Currently, 90% of European banking apps can be used on GrapheneOS including many supporting tap-to-pay without Google Pay. Unified Attestation will reduce the compatibility of these apps. Each app adopting it would stop working on GrapheneOS and many other systems. It's the opposite of how you're portraying it. It's a system to reduce the compatibility of these apps with arbitrary systems to instead only permit using products from Volla and other participants in the cartel.
@Xtreix @meowki
Didek
@GrapheneOS

May be open to collaboration, but the thing is you still need collaboration with them. You cannot implement some protocol and have a software working, you need their special approval that the software you run is something they agree with.

Attestation is worse than DRM, it is very harmful no matter if coming from US or EU.
@GrapheneOS
GrapheneOS
@skywalker2k17 It's not an open approach but rather an anti-competitive cartel formed between multiple companies to permit their products while locking out others. GrapheneOS won't participate and we'll file a lawsuit against each company involved for banning GrapheneOS. Unified Attestation is nothing short of a declaration of war on not only GrapheneOS but anyone who wants to be able to choose their hardware and software without needing approval from the EU and EU companies.

GrapheneOSudostępnił to.

Vollaficationist
@GrapheneOS @skywalker2k17 you keep repeating your magical words, my friend. It won't change a thing. Time was much better spent with a constructive dialogue set to solve problems pragmatically. Perhaps Canadian laws could be the problem? 🤔 Just one example of thinking.
@GrapheneOS
GrapheneOS
@skywalker2k17 We're explaining to people what you're actually doing and how it's going to harm them to have an EU consortium of companies in control of which hardware and software they're allowed to use. It's absolutely going to change things. People aren't yet widely aware of how you're declaring war on their freedom to use alternatives including GrapheneOS. Both Canada and the EU forbid companies getting together to make a system allowing their products but not others.
GrapheneOS
@TuxOnBike Volla is working on building a future where people can only use devices and software approved by governments. Building a European system for controlling which hardware and operating systems are allowed to be used which they're going to heavily push apps to adopt isn't a good thing. Play Integrity API being controlled by a single US company makes it much easier to fight against in Europe right now. Building a European system for doing the same thing isn't positive.
@TuxOnBike
Vollaficationist
@skywalker2k17 @Phobos1641 @GrapheneOS but who is this dude, or many dudes, being kind of omnipresent (look it up) all over social media, 24/7¿ For me, today was my first day. A little shocked.

Whatever, UA is open to anyone. And this fact is why the GOS dude is alleging, empty handed, that is illegal in Canada and EU. According to him/her it's probably globally illegal to contest googlag, right. You're welcome.
@GrapheneOS @Phobos1641
GrapheneOS
@meowki

> Doesn’t that seem a bit farfetched?

Nothing about it is farfetched.

> You don’t want to support it, fine.

No, we don't want these companies further degrading app compatibility with arbitrary options including GrapheneOS which is what their system is going to do.

> You rather trust the whims of Google than these companies, fine.

This is an outrageous misrepresentation of our position. We've been actively fighting and succeeding against the Play Integrity API for years now.
@meowki
GrapheneOS
@meowki

> The fact is Google could also go out to of their way to require a version of this that will block these apps from running on your OS.

Play Integrity API is clearly illegal and substantial progress was being made to dealing with it. Having another anti-competitive system banning using arbitrary hardware and software based in Europe will help to legitimize and spread attestation to more apps.

> Perhaps it’s time to bury the axe?

Volla is welcome to discontinue Unified Attestation.
@meowki