Przejdź do głównej zawartości
🔐 Introducing: Unified Attestation
An open-source project for verifying the integrity of Android apps—as an alternative to Google's Play Integrity.

The goal is to make apps such as banking and payment apps usable on independent Android systems without relying on Google services.

We invite developers, ROM projects, and app providers to get involved.

https://uattest.net/

#Volla #VollaOS #OpenSource #software #hardware #Privacy #Security #DeGoogle

Unified Attestation

Unified Attestation is a free, open-source alternative to Google Play Integrity with offline verification and simple app + server integration.
uattest.net
#privacy #opensource #security #hardware #software #degoogle #Volla #VollaOS

kravietz 🦇udostępnił to.

🌈 Lascapi ⁂
looks very promising !! 👍
GrapheneOS
@lascapi Android already has a hardware attestation system open to everyone unlike this centralized system. Volla, Murena and iodé made a centralized system on top of the Android hardware attestation API to permit their own products while forbidding others. They're not enabling anything which wasn't already possible and are fully dependent on standard Android hardware attestation. Unified Attestation is anti-competitive and it clearly isn't legal.

https://grapheneos.social/@GrapheneOS/116239523775374959

GrapheneOS

2026-03-16 15:19:34


Android provides a standard hardware attestation system with support for alternate operating systems via allowing their verified boot key fingerprints. It's mainly used with Google's root of trust and remote key provisioning service but the API supports alternative roots of trust.

Volla's Unified Attestation is fully built on Android's hardware attestation API. It solely exists to create a centralized authority and service determining what's allowed under their control.

mastodon.social/@volla/1162387…

@volla@mastodon.social:
🔐 Introducing: Unified Attestation
An open-source project for verifying the integrity of Android apps—as an alternative to Google's Play Integrity.

The goal is to make apps such as banking and payment apps usable on independent Android systems without relying on Google services.

We invite developers, ROM projects, and app providers to get involved.

uattest.net/

#Volla #VollaOS #OpenSource #software #hardware #Privacy #Security #DeGoogle


@🌈 Lascapi ⁂
🌈 Lascapi ⁂
Hi @GrapheneOS, you said :
> Unified Attestation is anti-competitive and it clearly isn't legal.

I don't get your point with this argument.

If I understand well, Unified Attestation is a competitor of Google Play Integrity. And everyone can try to setup another competitor.

How can you say that it's not legal?
@GrapheneOS
GrapheneOS
@lascapi Multiple companies collaborating together to make a system which permits their products and forbids using alternatives isn't legal. The whole point of Unified Attestation is that it's a centralized system on top of Android hardware attestation putting these companies in control of which devices and operating systems are allowed. Companies making the products being certified should not be the ones deciding what's allowed. It's clearly not legal for them to be forbidding alternatives.
@🌈 Lascapi ⁂
GrapheneOS
@lascapi They're pushing for banking and government apps to adopt a system which they control what's allowed to be used. They're going to be permitting their own products without reasonable security standards while locking out anything not participating in it. That's an anti-competitive cartel and not legal. We're not only going to heavily advocate against it but will file a lawsuit against Volla and the other companies involved as soon as there are apps using it while not permitting GrapheneOS.
@🌈 Lascapi ⁂
Vollaficationist
@GrapheneOS @lascapi
Let's collaborate. It's contra-productive with this quarrelling, which often lacks true understanding (cf. this thread, too). UA is *not* a centralised system; on the contrary it is open to any and all interested OS manufacturers - and you have been invited. Any and all. The procedures will be opensourced for anyone to scrutinise and improve. You are so welcome to join.
@GrapheneOS @🌈 Lascapi ⁂
GrapheneOS
@vollaficationist @lascapi Unified Attestation is absolutely a centralized system where the companies involved are in control of what's allowed. It's entirely built on top of Android hardware attestation which works fine without a centralized service. Putting out an invite for others to join an anti-competitive cartel providing a centralized service permitting their products doesn't make it open or decentralized. It's an illegal system and GrapheneOS will be filing a lawsuit if it's not ended.
@🌈 Lascapi ⁂ @Vollaficationist
GrapheneOS
@vollaficationist @lascapi We've been using the Android hardware attestation API since 2017 in our Auditor app and we were the ones to propose official support for pinning-based verification which was implemented. We've filed multiple issues about bugs in the early implementation on Pixels. We know how it works and know that it's fully usable without Volla's centralized service on top of it putting them in control. You don't understand how it works or what they've built, you just promote the.
@🌈 Lascapi ⁂ @Vollaficationist
GrapheneOS
@vollaficationist @lascapi GrapheneOS will not participate in an illegal system. It would be a violation of Canadian law. We also won't give these companies veto power over app compatibility in GrapheneOS.

It's an existential issue for GrapheneOS similarly to the Play Integrity API. We're already winning a lawsuit and we can win another against Volla too. They should discontinue this before any app adopts it at which point it becomes a legal matter if that app doesn't permit GrapheneOS.
@🌈 Lascapi ⁂ @Vollaficationist
🌈 Lascapi ⁂
Hi @GrapheneOS
You wrote 'We've been using the Android hardware attestation API since 2017 in our Auditor app'.
Correct me if I'm wrong but this works only with the Google Pixel hardware, isn't it?

@vollaficationist
@GrapheneOS @Vollaficationist
GrapheneOS
@lascapi @vollaficationist Android hardware attestation works on all modern Android devices and is the entire basis for Volla's Unified Attestation API. Their system is a centralized service built on top of Android hardware attestation. Android hardware attestation can already be used directly with arbitrary roots of trust and verified boot key fingerprints permitted. Instead of making a centralized attestation service, they could have at least just made signed root CAs and key fingerprints.
@🌈 Lascapi ⁂ @Vollaficationist
GrapheneOS
@lascapi @vollaficationist We would still be against a system being run by companies selling devices rather than a neutral system with fair enforcement of security policy which avoids getting in the way of frequent OS updates. However, it would not be nearly as bad if it was designed to have apps use the standard Android hardware attestation API directly where they could easily add other sources of which roots and operating systems are allowed. Why do they want a centralized service?
@🌈 Lascapi ⁂ @Vollaficationist
GrapheneOS
@lascapi @vollaficationist Our Auditor app stopped bothering to support devices not supported by GrapheneOS because it was too much trouble. We plan to eventually add a less secure generic mode working across all non-Pixel devices with working hardware attestation but it's a low priority and we're focused on GrapheneOS. Anyone who can currently use Auditor can use GrapheneOS on their device so nearly everyone using it is a GrapheneOS user and we haven't prioritized non-GrapheneOS usage.
@🌈 Lascapi ⁂ @Vollaficationist
🌈 Lascapi ⁂
@GrapheneOS @vollaficationist Ok, thank you for the clarification, it's outside of my knowledge comfort zone, but I think I got your point.
@GrapheneOS @Vollaficationist
Mae
@GrapheneOS @lascapi how is this worse than graphene urging devs to allow your signing keys specifically?
https://grapheneos.org/articles/attestation-compatibility-guide

I agree with your stance, but I feel this is hypocritical when you're also advocating for a system under which every OS will have to beg every app vendor in the world for approval(something which a different, smaller than you project won't have the resources to do)

GrapheneOS attestation compatibility guide

Guide on using remote attestation in a way that's compatible with GrapheneOS.
GrapheneOS
@GrapheneOS @🌈 Lascapi ⁂
Ten wpis został zedytowany (2 miesiące temu)
GrapheneOS
@Mae @lascapi Unified Attestation is drastically worse than directly using the standard system. There's nothing preventing making a library shared between apps building in support for fetching signed lists of permitted verified boot keys. Unified Attestation is drastically worse since it gives complete control over what's allowed to several companies. Unified Attestation very clearly exists for the purpose of Volla being able to permit their devices while raising the barrier to competition.
@Mae @🌈 Lascapi ⁂
GrapheneOS
@Mae @lascapi Volla, Murena and iodé each sell devices not meeting a reasonable level of security. It rules out Unified Attestation requiring a reasonable level of security since the whole point of it for them is getting apps to permit their devices. It's fundamentally wrong for companies selling devices and operating systems to be in charge of which devices and operating systems should be permitted by banking/government apps. It will inherently be highly biased and anti-competitive this way.
@Mae @🌈 Lascapi ⁂
GrapheneOS
@Mae @lascapi If they used the standard Android attestation API with signed lists of trusted roots and verified boot keys, then they wouldn't be able to lock people into only using their operating systems. Volla has not provided any legitimate reason for not directly using the standard Android hardware attestation API.

Can you provide any reason beyond harming competition for making their own API built entirely on top of the standard Android hardware attestation API? Why not use it directly?
@Mae @🌈 Lascapi ⁂
GrapheneOS
@Mae @lascapi Here's proof of one of Volla's employees using sockpuppet accounts to promote Volla while attacking GrapheneOS and other options with inaccurate claims:

https://grapheneos.social/@GrapheneOS/116251325625494349

This is something which has been happening in the long term. This sockpuppet account was recently used to attack GrapheneOS as part of promoting Unified Attestation. They publicly showed they have insider information from inside Volla proving it. We've identified which employee has been using this account.

GrapheneOS

2026-03-18 17:20:55


RE: mastodon.social/@vollafication…

Here's a post where the @vollaficationist clearly refers to themselves as being part of Volla and shares internal information which would only be known to someone working at Volla

This account doesn't belong to someone who uses and supports Volla's products but rather belongs to someone working at the company. Take note of how they claim to respect GrapheneOS at the end of that post. It's an extreme contrast with many of the other posts they've made trying to undermine the GrapheneOS project.

@vollaficationist@mastodon.social:
@GrapheneOS This is currently being discussed. Nothing is written in stone. One way is to have an independent third-party highly renowned institution do test and certification. Please consider that UA is still very much "under construction." Please also note that we respect GOS' work, which is why we reached out to you half a year ago.


@Mae @🌈 Lascapi ⁂
Mae
@GrapheneOS @lascapi
how is "library shared between apps building in support for fetching signed lists of permitted verified boot keys"
practically different from what unified attestation is?
If the companies running uattestation made a list of allowed keys like you suggest you'd have the same issues.

> Can you provide any reason beyond harming competition for making their own API built entirely on top of the standard Android hardware attestation API? Why not use it directly?

I don't know. I could imagine being able to do signature revocations, being able to mirror the play protect API 1 to 1 and being able to support non android OSes in the future as possible reasons but I haven't looked too deeply into things, so maybe this is not a need/possible under the new system either.

My stance is that attestation schemes like this are fundamentally bad and anti competitive. I was not aiming to defend uattestation.
I think that graphene recommending that devs specifically allow graphene keys, without recommending that they shouldn't do attestation first and foremost is anti competetive as well, which is why I called your original post calling this scheme anti competitive hypocritical.
@GrapheneOS @🌈 Lascapi ⁂
Ten wpis został zedytowany (2 miesiące temu)
GrapheneOS
@Mae @lascapi Services adding support for standard Android hardware attestation using services to obtain a list of additional trusted roots and a list of trusted verified boot keys for alternate operating systems can very easily add more. It's not controlled by an anti-competitive centralized service but rather they can use multiple. That's entirely different from a service controlled by Volla which will deliberately ban using GrapheneOS and other options while pretending that's not the point.
@Mae @🌈 Lascapi ⁂
GrapheneOS
@Mae @lascapi

> I don't know. I could imagine being able to do signature revocations, being able to mirror the play protect API 1 to 1 and being able to support non android OSes in the future

None of that requires a centralized API controlled by Volla. Volla wants a centralized API under their control to have apps permit their devices and not others. Using the standard API is a far superior approach avoiding centralized control. The OS side isn't even inherently biased towards Google.
@Mae @🌈 Lascapi ⁂
GrapheneOS
@Mae @lascapi

> My stance is that attestation schemes like this are fundamentally bad and anti competitive. I was not aiming to defend uattestation.

You're defending companies engaging in blatant anti-competitive behavior including underhanded attacks on the GrapheneOS project with sockpuppet accounts, years of inaccurate claims about GrapheneOS to mislead people into not using it and harassment towards our team. It's not limited to them making a centralized API that's not going to allow it.
@Mae @🌈 Lascapi ⁂
GrapheneOS
@Mae @lascapi

> I think that graphene recommending that devs specifically allow graphene keys, without recommending that they shouldn't do attestation first and foremost is anti competetive as well, which is why I called your original post calling this scheme anti competitive hypocritical.

That's extraordinarily untrue. We've heavily advocated against using attestation to make an allowlist of specific hardware and operating systems. You're heavily misrepresenting our compatibility guide.
@Mae @🌈 Lascapi ⁂
GrapheneOS
@Mae @lascapi Our compatibility guide explains how the standard Android hardware attestation API used by anti-competitive systems including the Unified Attestation API and Play Integrity API can instead be used directly by apps to permit arbitrary operating systems. That's not a recommendation to use attestation but rather we heavily recommend against using it for this and provide a guide for services which insist on doing it so they can support GrapheneOS and other operating systems.
@Mae @🌈 Lascapi ⁂
GrapheneOS
@Mae @lascapi Any service following our guide will end up being able to easily add support for arbitrary operating systems. It's very straightforward to make services which provide a list of authorized verified boot keys and alternate roots of trust as an alternative to the Google ones for devices outside of the standard Android ecosystem. The standard API fully supports both of those things. It has a bias towards stock OSes but doesn't have a bias towards Google for the on-device part.
@Mae @🌈 Lascapi ⁂
Mae
@GrapheneOS @lascapi

> We've heavily advocated against using attestation to make an allowlist of specific hardware and operating systems.

where?

Every single place I look I can only find graphene and users saying: "here's how you can add support for graphene to your app". Not "You shouldn't do this, but if you insist here's how you can also support graphene". I cannot find a blog post saying that you are again attestation. I might just be bad at googling.
@GrapheneOS @🌈 Lascapi ⁂
PrivacyShark
@Mae @GrapheneOS @lascapi Mae your just a troll and likely an employee of a competitor otherwise you would not care about where posts are.
@Mae @GrapheneOS @🌈 Lascapi ⁂
Mae
@LearnToLivePrivate @GrapheneOS @lascapi I don't care where they are, I was asking "where" meaning "can you please point me to where they are"
@GrapheneOS @🌈 Lascapi ⁂ @PrivacyShark
Mae
@LearnToLivePrivate @GrapheneOS @lascapi I claimed they were hypocrites because the only statements I could find from the official graphene team on the subject was on the page where they talk about how you can whitelist graphene.
They pointed me to a place where they did in the past say that they don't believe root based attestation provides meaningful security, so I dropped the thread, I don't think this is bad faith behavior from me.
@GrapheneOS @🌈 Lascapi ⁂ @PrivacyShark
Ten wpis został zedytowany (2 miesiące temu)
PrivacyShark
@Mae @GrapheneOS @lascapi my post stands you confirmed with this reaponse. Your looking for something my post was why if your so into calling people hypocritical and arguing your a troll.
@Mae @GrapheneOS @🌈 Lascapi ⁂
Ten wpis został zedytowany (2 miesiące temu)
Mae
@LearnToLivePrivate @lascapi ok buddy, your whole identity is being a GrapheneOS user, but this trans woman with a 5 year old instance who talked about graphene maybe twice is a troll and a sockpuppet
@🌈 Lascapi ⁂ @PrivacyShark
PrivacyShark
@Mae @lascapi yes I am a graphene user never denying that and here we go I didn't know did not ask nor do I care if your trans lmfao don't start doing the extreme left victim game to win an argument use trans and race Its a joke especially since again I never said asked nor cared it had nothing to do with the convo
@Mae @🌈 Lascapi ⁂
Ten wpis został zedytowany (2 miesiące temu)
GrapheneOS
@Mae @lascapi That's not true. We've heavily advocated against using attestation to make an allowlist of hardware and operating systems for services. Our compatibility guide explains how services insisting on using attestation can use a system which enables adding support for arbitrary operating systems including but not limited to GrapheneOS. Any app which implements what our guide explains is in a position to trivially add support for additional operating systems which is far better.
@Mae @🌈 Lascapi ⁂
GrapheneOS
@Mae Your claim that the standard system would require each OS to get each app to add support for them is completely wrong. It's entirely possible to distribute signed lists of verified boot keys for use with the standard system along with signed lists of additional roots of trust which can simply be a list of hashes too. Multiple services can provide these as signed, timestamped lists of hashes. Volla's system is focused on vendor lock in by making their own API and service under their control.
@Mae
GrapheneOS
@Mae Why not simply publish a JSON file with a timestamp, a list of authorized verified boot keys and a list of authorized roots of trust for use with the standard Android attestation API? Why does there need to be a centralized service using a new API under the control of these companies which apps specifically talk to using a new API? This requires building in new functionality to the OS and apps. It's anti-competitive and implements a bunch of unnecessary vendor lock in with no justification.
@Mae
GrapheneOS
@Mae The purpose of Volla's system is to permit their own devices and operating systems along with those of their business partners including Murena. The fact that it's going to lock out using GrapheneOS and most other options is by design. We're not putting these hostile companies which have spent years trying to harm GrapheneOS in control over app compatibility for it where they get the ability to harm it at any time by revoking it for arbitrary reasons. That's absolutely not happening.
@Mae
GrapheneOS
@Mae Google has gone out of the way to obfuscate what they're doing and muddy the waters with all kinds of justifications which make it far harder for us to challenge it legally. Volla hasn't done this and is implementing a far more clearly illegal anti-competitive system than the Play Integrity API. There's a specific market for Android devices without Google Mobile Services and they're forming an anti-competitive cartel with other companies in it. What they're doing is clearly not legal.
@Mae
Lutin Discret
thanks. Your approach is better than google having a monopoly on device attestation.
GrapheneOS
Android already has a hardware attestation system open to everyone unlike this centralized system. Volla, Murena and iodé made a centralized system on top of the Android hardware attestation API to permit their own products while forbidding others. They're not enabling anything which wasn't already possible and are fully dependent on standard Android hardware attestation. Unified Attestation is anti-competitive and it clearly isn't legal.

https://grapheneos.social/@GrapheneOS/116239523775374959

GrapheneOS

2026-03-09 16:16:18


We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.

https://uattest.net/

Unified Attestation

Unified Attestation is a free, open-source alternative to Google Play Integrity with offline verification and simple app + server integration.
uattest.net
Ten wpis został zedytowany (3 miesiące temu)
GrapheneOS
@j_r Android already has a hardware attestation system that's open to everyone unlike this centralized system. Volla, Murena and iodé are making a centralized system on top of the Android hardware attestation API to permit their own products while forbidding others. They're not enabling anything which wasn't already possible and are fully dependent on standard Android hardware attestation. Unified Attestation is anti-competitive and it clearly isn't legal.

https://grapheneos.social/@GrapheneOS/116200110686604617

GrapheneOS

2026-03-09 16:16:18


We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.

https://uattest.net/

Unified Attestation

Unified Attestation is a free, open-source alternative to Google Play Integrity with offline verification and simple app + server integration.
uattest.net
@j_r
Michael Downey :notAI:
You're literally calling for centralization on the decentralized social network.

🤡

#Volla #VollaOS #OpenSource #software #hardware #Privacy #Security #DeGoogle
#privacy #opensource #security #hardware #software #degoogle #Volla #VollaOS
Ten wpis został zedytowany (3 miesiące temu)
circus_maximus
@downey
It seems like a decentral phone home system - so your app as an app developer has its own "home server".

Not sure what the benefit of this is and the use case in general
@Michael Downey :notAI:
GrapheneOS
@circus_maximus @downey @Torx Android already has a hardware attestation system open to everyone unlike this centralized system. Volla, Murena and iodé made a centralized system on top of the Android hardware attestation API to permit their own products while forbidding others. They're not enabling anything which wasn't already possible and are fully dependent on standard Android hardware attestation. Unified Attestation is anti-competitive and it clearly isn't legal.

https://grapheneos.social/@GrapheneOS/116239523775374959

GrapheneOS

2026-03-16 15:19:34


Android provides a standard hardware attestation system with support for alternate operating systems via allowing their verified boot key fingerprints. It's mainly used with Google's root of trust and remote key provisioning service but the API supports alternative roots of trust.

Volla's Unified Attestation is fully built on Android's hardware attestation API. It solely exists to create a centralized authority and service determining what's allowed under their control.

mastodon.social/@volla/1162387…

@volla@mastodon.social:
🔐 Introducing: Unified Attestation
An open-source project for verifying the integrity of Android apps—as an alternative to Google's Play Integrity.

The goal is to make apps such as banking and payment apps usable on independent Android systems without relying on Google services.

We invite developers, ROM projects, and app providers to get involved.

uattest.net/

#Volla #VollaOS #OpenSource #software #hardware #Privacy #Security #DeGoogle


@Michael Downey :notAI: @Torx @circus_maximus
Torx
Interesting approach, but: How does #unifiedattestation ensure every interested other and secure alternative ROM can also pass the test?

@GrapheneOS does heavily criticize your approach. They claim it puts you (your project) in charge of controlling which ROMs pass attestation and which do not.

Is there any room for a collaboration? It sounds as if #GrapheneOS rules this out, how about you guys from @volla? Any negotiations possible? Any common ground?

I, as a user, would just like to use those banking apps without worrying they might stop functioning anytime with any updates. Those banking-app-devs are the real culprits IMHO, to rely on something like Integritycheck theater.

@volla is your secret that you will convince banking-app-devs to open up their checks?
#grapheneos #unifiedattestation @Volla @GrapheneOS
GrapheneOS
@Torx Android already has a hardware attestation system open to everyone unlike this centralized system. Volla, Murena and iodé made a centralized system on top of the Android hardware attestation API to permit their own products while forbidding others. They're not enabling anything which wasn't already possible and are fully dependent on standard Android hardware attestation. Unified Attestation is anti-competitive and it clearly isn't legal.

https://grapheneos.social/@GrapheneOS/116239523775374959

GrapheneOS

2026-03-16 15:19:34


Android provides a standard hardware attestation system with support for alternate operating systems via allowing their verified boot key fingerprints. It's mainly used with Google's root of trust and remote key provisioning service but the API supports alternative roots of trust.

Volla's Unified Attestation is fully built on Android's hardware attestation API. It solely exists to create a centralized authority and service determining what's allowed under their control.

mastodon.social/@volla/1162387…

@volla@mastodon.social:
🔐 Introducing: Unified Attestation
An open-source project for verifying the integrity of Android apps—as an alternative to Google's Play Integrity.

The goal is to make apps such as banking and payment apps usable on independent Android systems without relying on Google services.

We invite developers, ROM projects, and app providers to get involved.

uattest.net/

#Volla #VollaOS #OpenSource #software #hardware #Privacy #Security #DeGoogle


@Torx
GrapheneOS
@Torx We're completely willing to file a lawsuit against @volla over this as soon as there are apps permitting their products through their system while disallowing GrapheneOS. It's not legal for Volla and multiple other companies to get together to implement a system banning using anything other than their products. We aren't going to participate is an illegal anti-competitive cartel. It's clearly against the law and should be stopped now prior to it causing clear damages to GrapheneOS.
@Volla @Torx
GrapheneOS
@Torx Devices and operating systems providing an alternative to Google's ecosystem based on AOSP is a distinct space from the broader Android app ecosystem. Companies trying to give themselves an advantage through banning arbitrary options other than their own products/services is clearly an illegal anti-competitive tactic within that space. This should be halted before it causes harm to GrapheneOS. We will not tolerate apps permitting their products through it and banning GrapheneOS.
@Torx
GrapheneOS
@Torx Volla and these other companies do not get to coerce us into participating in an illegal anti-competitive cartel where app compatibility would be harmed if we didn't participate. They do not get to coerce us into following their arbitrary demands and giving themselves veto power over GrapheneOS app compatibilities. Both Murena and iodé hostile towards GrapheneOS including spreading endless misinformation and direct involvement in spreading/supporting libel/harassment content.
@Torx
Vollaficationist
@GrapheneOS @Torx
No one is "banning" anything. If Graphene has another solution for ensuring their customers can enjoy app compatibility, great. In the end, it will be banks, governments, whatever app, who will decide what gets a pass and what not. And lo and behold, different apps already operates with different allowances. In Germany, for instance, the government has decided that Google will not be necessary for ID apps. Norway, too, is loosening up on this, Sweden as well.
@GrapheneOS @Torx
GrapheneOS
@vollaficationist @Torx Android already has a standard hardware attestation API which can be used to permit arbitrary roots of trusts and operating systems. Volla's Unified Attestation is only a layer on top of standard Android hardware attestation rather than an alternative to it. Unified Attestation only makes it into a centralized service under the control of these companies where their own devices can be permitted and not others. We'll be filing a lawsuit if it isn't discontinued.
@Torx @Vollaficationist
Vollaficationist
@Torx UA can not _ensure_ every ROM gets a pass. It's the test design that decides this.

Three important factors:
1. ANY OS is welcome, including GrapheneOS. It all is open, transparent, inclusive, collaborative.
2. The crux here is important/obligatory apps for banking, payment, identification. And these are inextricably linked to the user's OS.
3. Because such apps are inextricably linked to OS, and because Google has this weird monopoly, we need to find an alternative.
@Torx
GrapheneOS
@vollaficationist @Torx No, it's an anti-competitive centralized system being run by companies making products with atrocious security. The whole point is permitting their products while disallowing most other options including GrapheneOS. These companies have a history of attacking the GrapheneOS project and would be in a position to veto app compatibility with GrapheneOS. They've been making underhanded attacks on GrapheneOS for years and this would give them the power to hurt us more.
@Torx @Vollaficationist
GrapheneOS
@vollaficationist @Torx Android already has a standard hardware attestation system usable to permit arbitrary roots of trust and operating systems. Volla hasn't done anything beyond building a centralized system on top of standard hardware attestation. The sole purpose of it is centralizing control over what's allowed so they can permit their own products while disallowing others. Unified Attestation anti-competitive and blatantly illegal regardless of how much Volla falsely markets it.
@Torx @Vollaficationist
GrapheneOS
@Mae @lascapi We aren't against attestation but rather are against using it to control which devices and operating systems can be used. Pinning-based attestation doesn't have these problematic properties so that's a non-issue. Root-based attestation can inherently be used to lock out competition due to being based around specific roots. It also fundamentally tries to do something which can't be done particularly securely, unlike pinning-based attestation. Both can be used at once though.
@Mae @🌈 Lascapi ⁂
PrivacyShark
@Mae it is especially with trolls
@Mae
PrivacyShark
@Mae @GrapheneOS I can tell by the entire convo you guys had I wouldnt personally even try to argue my point with Mae
@Mae @GrapheneOS
PrivacyShark
@Mae see @GrapheneOS just a troll not even worth the convo with this one there's no winning when the game is to troll
@Mae @GrapheneOS
PrivacyShark
It is done.if one is missed just link it
Ten wpis został zedytowany (2 miesiące temu)