We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.

https://uattest.net/

3 users boosted this.

Google's Play Integrity API is a horrible system enforcing using devices officially licensing Google Mobile Services. It permits those regardless of how many years behind they are on security patches. The solution to this isn't another anti-competitive system based in Europe.
Play Integrity API should be regulated out of existence rather than making another system where companies permit their own products while disallowing others. It shouldn't be legal when Google does it and it shouldn't be legal when Volla and Murena do it either. This is wrong.
Hardware-based attestation has valid use cases including the Auditor app on GrapheneOS for protecting users. The way these companies are using it serves no truly useful purpose beyond giving themselves an unfair advantage while pretending it has something to do with security.
If banks and governments insist on checking devices for security they should define actual standards. It should be possible for any tiny project to be certified at no cost and the standards should be fairly enforced so a mainstream device without current patches is disallowed.

Neil Brown boosted this.

Volla, Murena and iodé sell products with atrocious security. They fail to provide important patches and protections while misleading users with inaccurate claims about privacy and security. That includes setting an inaccurate Android security patch level despite missing patches.
Yeah, kill all anti-circumvention laws. It is time. We only implemented them because the US pressured us to do so with "tariffs", but we now have tariffs (as well as a quite unpredictable application of them).

So middle finger to the US and undo all anti-circumvention laws.
These companies should not have any say over which devices can be used for European banking and government apps. It will reduce competition and reduce security exactly as the Play Integrity API is already doing. The EU should ban using attestation to determine OS compatibility.
Murena and iodé are extremely hostile towards GrapheneOS. They've spent years misleading people about it with inaccurate claims to promote their insecure products. We'll never work with them. Volla, Murena and iodé should have no say in which OS people can use on their devices.
And what exactly is your conflict with Volla? I get the iodé and Murena part, but what's wrong with Volla?
@ftm Murena and iodé relentlessly spread false claims about GrapheneOS and our team. That includes personally targeting our team with absolutely vile bullying and harassment.

Here's the founder and CEO of /e/ and Murena linking to content from a neo-nazi conspiracy site targeting our founder with blatant fabrications including links to harassment content from Kiwi Farms users:

https://archive.is/SWXPJ
https://archive.is/n4yTO

Volla is fully aware of all this but works closely with these groups.
@ftm Their Unified Attestation system is a proposal to ban people from using GrapheneOS while permitting using insecure operating systems from the companies working with them. Why wouldn't we have an issue with that? Even if they did give in and permit using GrapheneOS, we don't want these systems to exist. Hardware attestation should be used to protect users rather than determining OS compatibility in a way that has nothing to do with security. Banning using an OS based on this is wrong.
@ftm Ah geeze, here we go again 🤣
@ftm It is worth checking Volla's source trees. They use ancient kernels, firmware blobs, etc. It's pretty much the same issue as GMS Android; the whole attestation thing becomes security theater if phones with years of known holes get attested.
It's inherently security theatre because neither companies nor governments are willing to ban using the majority of Android phones, which is what would happen if even basic security standards such as keeping up with High and Critical severity patches from AOSP and the SoC / radio vendors were enforced. Instead, they're disallowing people having the freedom to use their hardware or OS of choice while not enforcing even basic security standards. They're disallowing better security.
This post was edited (3 months ago)
There's no legitimate purpose for either Play Integrity or Unified Attestation to exist. Both will inherently fail to uphold even basic security standards since otherwise their own products wouldn't be allowed. Root-based attestation is also inherently not a secure approach.
Having a European version of the Play Integrity which permits people to use insecure products from specific European companies participating in it while disallowing using arbitrary hardware or software is the opposite of a solution. It's more of the same anti-competitive garbage.
Totally, 🤦🏼 I don't wanna be locked-in📵 😠
@TycoonTom You will not be; the standard is open for everyone.
@DanielDNK @TycoonTom The standard is not open to everyone. It's run by a group of companies hostile to GrapheneOS which will be permitting their own products but not GrapheneOS.

Unified Attestation is a centralized system built on top of the Android hardware attestation API for the sole purpose of a power grab where these companies can control which devices and operating systems are allowed. They haven't made their own attestation system. They've made a system to control use of a standard API.
Totally correct, "control" 👏🏼 See pic 👇🏼

[Screenshot of an HSBC UK Mobile Banking notice, transcribed:]

We've introduced additional checks to protect your account. The following apps have been downloaded from unofficial app stores.

Your access to the HSBC UK Mobile Banking app has been suspended on this device until you've taken action to restore it.

Identified apps:
- Bitwarden

How do I restore access?
Uninstall the identified apps from your device and download again from the default device app store, e.g. Google Play or Galaxy Store.

For further assistance, please visit https://www.hsbc.co.uk/contact/
This post was edited (3 months ago)
I would like to say Thank You! GrapheneOS devs for giving us the best Privacy and Security on a phone and also a LOT of Peace of Mind for the privacy conscious people. 😉👍 Also been using it for a month now and I pretty much like it, even if I had to get a Pixel for it; it was worth it!
Also I really hope that Android won't have the same fate as iOS, otherwise our only open-source option remaining is Linux.
@privacyfriendly Android Open Source Project and GrapheneOS are Linux. AOSP is open source and has a massive ecosystem built on the open source code. There are many stakeholders interested in continuing it. It would be a very messy situation if the original upstream stopped existing but it's entirely possible for development on it as an open source project to continue. It hopefully won't come to that. Ideally Android will be forcibly split from Google into a company friendlier to open source.
OK, I understand it a bit better now. Thanks for the explanation! Let's HOPE For The BEST!
@privacyfriendly I have a question in a hypothetical framework. If it came to that in the end and Android closed completely, what would you do in that case? Is it possible for you to participate in the development of an alternative Linux operating system like those already underway?
Well, I don't know what's going on in your heads, but whether people want to use Murena, Volla, etc., or GrapheneOS, that's up to the users themselves to decide... It's okay if you don't like each other, but making a statement like that is below the belt... As a GrapheneOS user, I feel embarrassed on your behalf... Just because you've teamed up with Motorola doesn't mean you have to be so arrogant... My two cents.
@Pingitux Their products aren't at all what they claim but rather have poor privacy and atrocious security. They feel very threatened by GrapheneOS. Murena and iodé have engaged in many years of attacks on GrapheneOS including personal attacks on our team. They've engaged in absolutely vile fabrications and bullying aimed at directing harassment towards our team. Their communities have relentlessly targeted our team with harassment. You're pushing a false narrative about what's happening.
@Pingitux Here's the founder and CEO of /e/ and Murena linking to harassment content from a neo-nazi conspiracy site targeting our founder with fabrications:

https://archive.is/SWXPJ
https://archive.is/n4yTO

Their founder and CEO has regularly engaged in vile personal attacks on our team, including spreading harassment content directly from Kiwi Farms.

Debunking lies about GrapheneOS and our team along with providing accurate information countering their false marketing isn't what you claim it is.
Okay, they attacked you, told lies, whatever... Honestly, show some class and don't give a damn about their opinion. After all, you have a community behind you that stands by you... You know, let me put it this way: I tell the world that if it annoys me, I don't give a fuck.. You should try that too when someone gets on your nerves. It works wonders ;)
@Pingitux Our community should help us much more than they do with the attacks being perpetrated against GrapheneOS and our team. If that was happening then it wouldn't be causing nearly as much harm and we wouldn't talk about it as much as we wouldn't feel nearly as much pressing need to provide an alternative to their inaccurate and misleading claims.
Have you brought it up in the community? That it's getting on your nerves and that you would like more support from the users?
Yes, it may be that their products lag behind in terms of security, data protection, and patch levels.... A few independent bloggers/journalists should critically test their software and deliver an honest article.... Okay, and because they are personally attacking the founder of GrapheneOS, we have to stoop to their level, right?
@Pingitux We've posted accurate information debunking their attacks and addressing their false marketing. We've continued posting it because of continued attacks on GrapheneOS and our team. That's absolutely not stooping to their level. There's no reason for us to tolerate someone engaging in such blatant misrepresentations and lies about our project and team. You're going to achieve the direct opposite of silencing us. There's no reason for you to continue contacting us beyond trolling.
seeing frequent hostility and drama come out of this account makes me want to switch off of GOS, despite really liking it. It makes me feel uncertain about the sustainability of the project and the character of people behind it. Hopefully the constant drama I am seeing doesn't represent the overall culture of the project. If not, please get someone else to manage the socials!
This post was edited (3 months ago)
@volla These type of divisive debates weaken the community and are the biggest gift to Google & Big Tech. We don't need fighting among the community. On the contrary, let's put the effort in building a large and diverse free/libre ecosystem in mobile computing.🤗
@meanmicio @volla We aren't part of a shared community and we're not on the same side. Volla, Murena and iodé trying to put themselves in the position of being the ones choosing which operating systems people are allowed to run on their devices is wrong. It's not a solution to the Play Integrity API but rather a new problem we'll be fighting against too. We aren't going to allow either Google or Volla to erode app compatibility with GrapheneOS without facing opposition and consequences.
I don't think "security" is ever the real concern here for the government. It's always about control with their limited understanding of cyber security.
People who buy these phones are carrying out a form of digital self-imprisonment.

Why are these walled gardens so attractive?
are you talking with policymakers about this?
@whitequark We were actively engaging with the European Commission and others about it and this is going to seriously interfere with it. We don't want any companies or governments to be choosing which operating systems are allowed. It's a horrible idea and it puts us in a position where even if GrapheneOS is allowed then these companies or governments have leverage to make arbitrary demands. They can make anti-privacy and anti-security demands where not complying means losing app compatibility.
Is there any European citizen initiative to ban this kind of things? Can you help writing one? I would sign it
I know this has probably been asked to death, but how viable would the development of an Android-Linux compatibility layer (same as Wine) be, in order to have secure Linux phones running Android apps?
@dristor Android Open Source Project and GrapheneOS are Linux distributions. GrapheneOS is fully compatible with Android apps and has support for running the vast majority of apps depending on the Play Integrity API. GrapheneOS can run apps for non-Android operating systems via hardware-based virtualization. Hardware-based virtualization support will continue to be fleshed out both for running non-native apps and running Android apps with stronger isolation than the Linux kernel can provide.
@dristor Is it me, or is GrapheneOS only supported on Google Pixel models? If yes, why should we give money to Google?

#grapheneos #android
sounds like they are just trying to ride the wave of Europe trying to break free of their reliance on american digital companies, which I completely agree, to grab power for themselves, which is still shitty and nothing to celebrate.

Thankfully my bank's app still works fine with gos and they also allow full web access anyway

GrapheneOS boosted this.

@eskuero
:neofox_thumbsdown: torment nexus

:neofox_thumbsup: european torment nexus
@eskuero would I be wrong to say that this alternative attestation would still preferable to Play Store Integrity? Perhaps there is some background to the people behind it that I am missing.
@wombatpandaa @eskuero Neither is preferable if both ban using GrapheneOS...
@eskuero oh, well of course! Has UAT indicated that they would, or is the concern more an expectation that they would follow in Google's footsteps and reject "unofficial" Android versions?
Yes, we don't need a Play Integrity API under another name.
This post was edited (3 months ago)
what the fuck. that is absolutely horrifying

remote attestation is a technology that has no good uses. it's just drm

everyone should have the freedom to run whatever they want on their own devices. this freedom should never be taken away and it should be enshrined in law that it can never be taken away

someone else should not be able to decide whether my device is "secure" enough for their purposes. this is reverse security. the os needs to boot securely and the attestation chain should go upwards, with each stage verifying the ones on top of it. not this opposite world bullshit
@lumi Android's hardware-based attestation API would not cause these issues if it only had the pinning-based attestation we use as the basis for Auditor and omitted root-based attestation. The issue is having attestation roots which determine which hardware and operating systems are valid. Hardware-based attestation can be provided without any centralized authority determining which hardware and software is valid. It would still provide nearly all of what our Auditor app uses without roots.
@lumi We support hardware-based attestation based on pinning for protecting users against attacks. Root-based attestation has extremely weak security due to depending on the entire ecosystem of devices not having vulnerabilities enabling leaking keys chaining up to the root. Pinning-based attestation can be used as a very strong security feature. Check out our Auditor app. It does use the root-based attestation for first verification but it would provide most of what it does without it.
does this mean, if i build grapheneos myself and flash it on my device, i could still run all these applications?

and i mean without contacting any third party or anything like that

edit: woops. replied to the wrong post. was meaning to reply to the latest one. sorry
@lumi GrapheneOS supports the Android hardware-based attestation API. The API itself is a neutral approach which can support arbitrary roots of trust, non-stock operating systems verified based on verified boot key fingerprint and also has pinning-based attestation based on a proposal we made to Google before they stopped collaborating with us. Pinning-based attestation can be used with or without chaining up to a root for bootstrapping trust. It could exist without root-based attestation.
@lumi The problem with the Android attestation API is that the documentation and libraries treat Google as the only root of trust and it's also inherently biased towards stock operating systems since it can verify those by simply checking for the green state instead of needing to allowlist keys for the yellow state. Even if apps used hardware-based attestation instead of the Play Integrity API, many wouldn't permit GrapheneOS and they'd still be limiting what people can use if they did allow it.
i think it is fundamentally wrong that the app gets to decide what it runs on. it should not have this authority as it is completely backwards

if i wanted to run the most insecure system, i should still be able to run whatever apps i want, as long as all the apis are implemented

of course i don't want to run an insecure system. but it's my device so i should be able to do whatever i want
@lumi Apps wouldn't be able to disallow using operating systems via the hardware attestation API if it only supported pinning-based security and didn't have support for chaining up to a root. It's chaining up to a root which enables trusting only Google's root or specific roots permitted for specific alternate hardware. Similarly, there's the fact that they differentiate green and yellow where green trusts every OS approved by the root CA party vs. yellow requiring allowlisting fingerprints.
@lumi We don't support using attestation to disallow using hardware or operating systems. We do support having hardware attestation for providing protection against device compromise. The issue is that the features provided can be used to disallow using devices instead of only protecting against compromise and notifying users if something is wrong. Apps notifying users their OS is missing security patches or lacks security features would be fine but we don't agree with banning using it.
i think i might be confused as to what the difference between root-based and pinning-based attestation is

is the one allowlisting the app or the system?
@lumi Root-based attestation is done by verifying certificates up to a root of trust which is a Google certificate authority for Google Mobile Services devices. The Android hardware attestation API is in fact not inherently biased towards Google itself but rather their documentation and open source sample libraries hard-wire their roots as the only ones which should be checked.

Android supports apps generating attest keys in the hardware keystore to use for signing attestations instead.
@lumi These attest keys are meant to be pinned after the initial use and then used to enforce that subsequent attestations have trust chained from the initial verification. As long as the initial key was securely generated in the TEE or secure element and those have not been compromised with exploits then compromised apps or a compromised OS cannot fake the data. It chains trust from an initial starting point and does not limit which hardware or software can be used, the root approach does.
@lumi The pinning-based approach was implemented so that you can verify the initial chain based on the root by enabling attestation for the attest key itself but it doesn't have to be used that way. It can be used to solely provide pinning-based attestation. Our Auditor app uses both but we don't consider root-based attestation to have much value. Any exploit of any TEE or secure element on any Android device that's certified can be used to get keys chaining to a root. It's not a secure system.
oh! that makes sense then. so the app is checking that the system it initially verified on has the same trust as the system it is on right now

i still don't think it's the app's job to do this, but if people really want this, then heh, i don't really care
@lumi Yes, and the attestation metadata includes certain information set by the OS developers such as the patch level for the OS. As an example of how this can be used, consider 2 people talking to each other on Signal who both want it to be a highly secure conversation. There could be a way to opt-in to sending each other attestations as part of the verification. It could then enforce that it's the same devices talking to each other and that the patch level continues to be updated, etc.
@lumi As an example, pretend that one of the 2 devices is compromised and the attacker stops allowing security patches. This would be visible in the attestation metadata and the attacker wouldn't be able to fake it without an early boot chain or secure element exploit. It could similarly provide more than it does today such as warning if the device hasn't been rebooted for a certain amount of time. This would all work fine without root-based attestation. Our Auditor app provides this stuff.
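The pinning flow described in the posts above (an attest key generated in the hardware keystore, pinned on first use, later attestations checked against that pin and against signed metadata such as the patch level) as an added worked example. This is not part of the original thread, not Auditor's code and not Android's attestation API: it assumes a simplified signed metadata structure with an ed25519 key standing in for the hardware-held attest key, and the field names DeviceID, VerifiedBoot and PatchLevel (as YYYYMM) are illustrative. Note what is absent: the verifier holds no list of attestation roots, so any hardware can be pinned, and a compromised OS on an already-pinned device cannot hide a stalled or rolled-back patch level unless it can get the hardware key to sign false metadata.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Attestation is the simplified statement a device signs with its attest key. The field
// set is an assumption for this example; Android's real attestation is an X.509 chain.
type Attestation struct {
	DeviceID     string            // assumption: app-chosen stable identifier
	Challenge    []byte            // verifier nonce binding the attestation to one request
	VerifiedBoot string            // "locked" or "unlocked"
	PatchLevel   uint32            // OS security patch level as YYYYMM, e.g. 202501
	AttestKey    ed25519.PublicKey // public half of the hardware-held attest key
	Signature    []byte            // signature over encode() by the attest key
}

// encode length-prefixes every field the verifier relies on so no two field sets collide.
func (a *Attestation) encode() []byte {
	var buf bytes.Buffer
	for _, f := range [][]byte{[]byte(a.DeviceID), a.Challenge, []byte(a.VerifiedBoot), a.AttestKey} {
		_ = binary.Write(&buf, binary.BigEndian, uint32(len(f)))
		buf.Write(f)
	}
	_ = binary.Write(&buf, binary.BigEndian, a.PatchLevel)
	return buf.Bytes()
}

// Device stands in for the TEE or secure element: the attest key never leaves it,
// so the OS cannot alter what gets signed without a keystore exploit.
type Device struct {
	ID           string
	VerifiedBoot string
	PatchLevel   uint32
	priv         ed25519.PrivateKey
}

func NewDevice(id string, patch uint32) *Device {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Device{ID: id, VerifiedBoot: "locked", PatchLevel: patch, priv: priv}
}

// Attest answers a verifier challenge with freshly signed metadata.
func (d *Device) Attest(challenge []byte) *Attestation {
	a := &Attestation{DeviceID: d.ID, Challenge: challenge, VerifiedBoot: d.VerifiedBoot,
		PatchLevel: d.PatchLevel, AttestKey: d.priv.Public().(ed25519.PublicKey)}
	a.Signature = ed25519.Sign(d.priv, a.encode())
	return a
}

type pin struct{ key ed25519.PublicKey; patch uint32 }

// Verifier is the app or server side. It holds no root CA list: trust is
// established on first use and afterwards enforced by the pinned attest key.
type Verifier struct{ pins map[string]pin }
func NewVerifier() *Verifier { return &Verifier{pins: map[string]pin{}} }

// Verify returns "pinned" on first contact and "ok" on a consistent later attestation.
// Any failure returns an error and leaves the stored pin untouched.
func (v *Verifier) Verify(a *Attestation, challenge []byte) (string, error) {
	if !bytes.Equal(a.Challenge, challenge) {
		return "", errors.New("challenge mismatch: stale or replayed attestation")
	}
	if len(a.AttestKey) != ed25519.PublicKeySize || !ed25519.Verify(a.AttestKey, a.encode(), a.Signature) {
		return "", errors.New("bad signature: metadata not signed by the presented attest key")
	}
	if a.VerifiedBoot != "locked" {
		return "", errors.New("verified boot is not locked")
	}
	p, seen := v.pins[a.DeviceID]
	if !seen { // trust on first use: the first key seen becomes the pin
		v.pins[a.DeviceID] = pin{key: a.AttestKey, patch: a.PatchLevel}
		return "pinned", nil
	}
	if !bytes.Equal(p.key, a.AttestKey) {
		return "", errors.New("attest key changed: not the device pinned on first use")
	}
	if a.PatchLevel < p.patch {
		return "", fmt.Errorf("patch level regressed: %d is older than pinned %d", a.PatchLevel, p.patch)
	}
	v.pins[a.DeviceID] = pin{key: p.key, patch: a.PatchLevel} // patch level only moves forward
	return "ok", nil
}

func main() {
	v, d := NewVerifier(), NewDevice("device-a", 202501)
	fmt.Println(v.Verify(d.Attest([]byte("n1")), []byte("n1"))) // pinned <nil>
	d.PatchLevel = 202503                                     // the OS kept taking monthly updates
	fmt.Println(v.Verify(d.Attest([]byte("n2")), []byte("n2"))) // ok <nil>
	impostor := NewDevice("device-a", 202503) // compromised OS: same ID, but no access to the pinned hardware key
	_, err := v.Verify(impostor.Attest([]byte("n3")), []byte("n3"))
	fmt.Println("impostor:", err)
}
```

The fixed nonces in main keep the demo short; a real verifier draws a random challenge per request so a captured attestation cannot be replayed. The first contact is the weak point of this model, which is exactly the bootstrapping step the posts describe: Auditor uses the root chain only for that initial verification, and an out-of-band pairing step could serve the same purpose without any root at all.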
@lumi Most of the companies using attestation want root-based attestation. They primarily want to use it to control which hardware and software people can use. Useful hardware-based attestation can be provided without enabling apps to do this. It can also be useful without being available to user installed apps but it's not harmful for it to be available to user installed apps if it doesn't provide a root-based system that's inherently anti-competitive. It's even actually very anti-security.
@lumi Disallowing people using GrapheneOS is anti-security and that's exactly what apps using either the Play Integrity API or Unified Attestation API are going to be doing. Both are going to be allowing extremely insecure options without basic patches and protections but yet not permitting a hardened OS with much better security. As far as we're concerned the whole approach is both fraudulent and violates antitrust law. Fighting Google's influence is hard but fighting this won't be hard.
so, if i built my own aosp rom, or decide to use an emulator run an aosp rom (for compat reasons, not security), could i pin my own certificates, to make (unmodified) apps work on my device without complaining?
@lumi Apps don't use the hardware-based attestation API directly in practice by rather using a service like the Play Integrity API choosing what's allowed. Unified Attestation is a group which wants to use hardware-based attestation to choose what's allowed themselves. We don't think hardware-based attestation should be used to choose which operating systems are allowed and also don't agree with this specific group of companies selling insecure products adding vendor lock-in for themselves.
@lumi Root-based attestation can be used to bootstrap the pinning-based approach's initial trust in a weak way that's vulnerable to leaked keys and trusts a bunch of different parties, which is what we do in our Auditor app. The real security model it uses is a Trust On First Use model to provide secure attestation going forward. The problem is Google or this new group declaring themselves as arbiters of what's allowed and using a root CA to allow only business partners.
@lumi Apps should be able to use pinning-based attestation but root-based attestation as it exists today is inherently anti-competitive and anti-security. It locks people into using less secure hardware and software. The approaches should be differentiated. Any device can provide pinning-based attestation support including software emulation of it if they don't support the security features. Apps can use it with no loss of choice or privacy. Attestation roots are the abusive part.
The Nostr based app store called "Zapstore" has already solved this problem. Zapstore empowers developers to sign and release apps over the Nostr protocol without needing to get permission from any app store or from any government or any other entity.

The Zapstore already has most of the useful F-Droid apps, and anyone can release more apps.

Zapstore.dev
So if Im understanding this correctly, what GOS wants is for apps to use an API that will interface with a hardware chip like the titan m2 and will report that the bootloader is locked etc and also report the signing key to apps? Then it would be up to the app to trust that key (which necessitates an allowlist of sorts maintained by apps individually). Is my understanding correct?
@pixelsfanryo No, your understanding is not correct. We want apps to start implementing proper server side security protections instead of using obfuscation and weak anti-tampering systems such as this to try to stop people looking at their code and experimenting with their services to find vulnerabilities. Apps shouldn't be enforcing using only specific operating systems. They're welcome to warn people about having an insecure OS but shouldn't be banning users from using what they want to use.
@fox If that is the case, then IMO uattest is actually better. A CA like uattest, as bad as it sounds, will probably be more amenable to allowing a reasonably secure alternative OS like LineageOS. You only need to persuade one entity. While if each app gets to decide then you have to convince each dev, bank, gov to allow your OS. That doesn't sound very practical. And the uattest proposal can be implemented right now on most devices while most devices don't have a security chip at the moment.
This post was edited (3 months ago)
@fox The same stuff that you need attestation in a phone for usually can be done using just a computer with a web browser. No attestation needed.

The only thing that I can think of that requires this attention and integrity stuff is anything shady that you want nobody to look at. 🤔

And device ecosystem extortion, of course.
@Bebef You can do those things on a phone using a web browser too. On the other hand, a lot of functionality is exclusive to mobile apps from banks and governments which are increasingly locking out users from using anything but operating systems approved based on the business models of companies involved in mobile phones. Whether someone can use a device to run a banking app shouldn't be determined based on a decision from either Google or Volla/Murena/iodé. These companies have no place in it.
@adfichter I know what you think of Murena and /e/OS. I know that you prefer hardware attestation for good reasons and reject Google's policy regarding the Play Integrity API. And I know that most banking apps work on GrapheneOS - I myself have been using GrapheneOS with a banking app for many years. But I wonder what to do if more and more app manufacturers get serious and make their apps installable exclusively via Play Integrity API. 1/3
@isf @adfichter No, your understanding is not correct. We want apps to start implementing proper server side security protections instead of using obfuscation and weak anti-tampering systems such as this to try to stop people looking at their code and experimenting with their services to find vulnerabilities. Apps shouldn't be enforcing using only specific operating systems. They're welcome to warn people about having an insecure OS but shouldn't be banning users from using what they want to use.
@adfichter Wouldn't it then make sense or be helpful to have something like Unified Attestation as an alternative, even if there are many things to criticize about it? If the only option for me at some point were to have to use stock Android, then I (and many others too) would have a real problem. And it could be that Unified Attestation is then the only usable alternative, even if it's not perfect. 2/3
@adfichter That's why I was asking, and I'm specifically interested in what, from your point of view, speaks against the Unified Attestation approach from a technical (not political) perspective. And whether Unified Attestation could also be used with GrapheneOS.
I also think it would be desirable for the EU to intervene with regulations. But it won't do that; the EU won't do anything against Google's will, and it won't mess with the MAGA regime. We shouldn't wait for that to happen. 3/3
@isf @adfichter An attestation system which bans using GrapheneOS while permitting operating systems not doing the bare minimum for privacy and security isn't legitimate. It's no more legitimate when these European companies do it than when Google does it. These companies are in no way neutral and not at all responsible when it comes to security. They shouldn't have any say in which operating systems are secure enough to run banking apps. It's absolutely ridiculous and unacceptable.
@adfichter Once again: I am aware that you have good reasons for not liking /e/OS etc.
And I am NOT defending /e/OS etc. here.
My question was what technical (not political) arguments there are against Unified Attestation, so that it could be used if necessary, if at some point there are perhaps no better alternatives. And whether I could then also use it on GrapheneOS, so that I don't have to switch to stock Android.
@isf @adfichter It serves no purpose because Android already has a hardware attestation API. They're only putting themselves in control of choosing what's allowed where their insecure operating systems will be permitted but GrapheneOS won't be permitted. We're not going to tolerate it. What if we release a library which bans each of the operating systems participating in this and convince several apps to adopt it? How are they going to feel about that? We aren't powerless to act.
Okay, you obviously don't want to answer my question objectively. That's unfortunate, because it makes you seem untrustworthy.
Or are you just a chatbot anyway?
@isf We answered your question. Android has a usable hardware attestation API which doesn't require these groups in charge of which operating systems should be permitted. It's something which should be decided by neutral parties without massive conflicts of interest. Companies selling devices should not be in charge of deciding which devices are allowed to be used for banking apps in Europe. What justification is there for Volla, Murena and iodé to decide this instead of neutral parties?
No, you haven't. You obviously haven't even read my question.
Once again: yes, they should. But what is to be done if they don't? That was my question.
As someone who has been using GrapheneOS for many years and supports the project with a monthly donation, I would have expected a factual question to be answered factually. Instead, you repeat political demands that I share, but which do not answer my question. This is unfortunate and makes you appear untrustworthy.
@isf This is worse than not doing something and will greatly interfere with ongoing efforts to convince apps to stop doing this. You can stop with the baseless claim that we're somehow untrustworthy because we're strongly against this in any form. In terms of GrapheneOS, it's another hostile anti-competitive API that's going to forbid using it but we're in a much stronger position to fight this since it's starting from zero adoption and only backing from tiny companies with fewer total users.
It's very unfortunate that I'm obviously only reaching an arrogant chat bot here. I had hoped to get in touch with the creators of GrapheneOS.
@MrGR That's ok, but what about Rossmann? He had an argument with a dev who responded not so maturely. He still was kinda polite and it's sad that he stopped using GrapheneOS. From what I've heard you suspended the dev's work on the GOS project and so it would all be settled, yet you said some bad stuff about Rossmann lately. Thought that was all sorted out? Don't get me wrong, I really like GrapheneOS and what Rossmann otherwise supports but that beef hurts our community. Any thoughts?
@MrGR They've been spreading misinformation about GrapheneOS and making personal attacks on our team for years. They were doing it long before we were regularly publicly defending ourselves from it. Debunking their attacks and providing accurate information isn't remotely in the same class as what they're doing. Each time people push these false narratives about GrapheneOS and make disingenuous claims about the ongoing situation, we'll defend ourselves that much harder against these attacks.
@neogoth @MrGR That's an outrageously inaccurate story. Rossmann engaged in months of bullying towards the founder of GrapheneOS both privately and publicly. He also supported Henry Fisher's public bullying campaign based around fabrications. There's nothing polite about the toxicity he engaged in towards us. After swatting attacks from Henry Fisher's community targeting the founder of GrapheneOS, Rossmann live streamed himself trolling him and then followed it up making a video out of it.
@neogoth @MrGR That video consists of targeting someone with bullying based on fabricating a false narrative about them and pushing tropes from the harassment/doxxing site where Rossmann is a member. Rossmann rants about people he dislikes on Kiwi Farms knowing they'll target those people because they support him. Rossmann similarly knew the result of his incredibly dishonest video would be harassment and his phony justifications are thoroughly disproven at this point.

https://kiwifarms.st/members/larossmann.132201/
@neogoth @MrGR Claims that anyone had their work suspended on GrapheneOS or left the project are false. The massive amount of harassment directed towards our project and particularly our founder resulted in a major drop in productivity and another developer had to take over doing code review and leading the development team. Spinning someone not being able to do their job anymore due to how much they were being harassed into that story is ridiculous. You should stop listening to the perpetrators.
@MrGR Oh damn, sorry, I didn't know that. Sounds like Louis is kinda gaslighting people. Thanks for your clarification, I'll have a look at those Kiwi Farms posts and investigate more. Hearing that it harmed your project is very sad and I hope for you and your team that it'll get better soon. All that stuff from others also sounds like someone doesn't like that you are enabling phones to be nearly unhackable and as safe and privacy-friendly as possible.
Keep up the great work!
@MrGR I've edited it for the context, hope that suits you. I read through some Kiwi Farms posts about the Copperhead stuff and now I understand the situation that Daniel was in. I feel way better about using his code; clearly nobody is perfect and I can understand why he acted like this after all of that drama and hard work trying to save his project. I also hope for Louis that he understands that too and gets supportive or at least neutral again.
Is this (unified attestation) an analog of whatever it is that google does in apps that ends up with things like banking apps needing google services? Or am I thinking of something completely different?
@tirohia It's another way for apps to forbid using arbitrary operating systems and instead only allow specific ones. In Google's case via the Play Integrity API that means permitting only operating systems licensing Google Mobile Services. That includes mostly insecure devices failing to provide patches. In this case it's a way to allow a specific set of operating systems developed in Europe which are failing to provide basic privacy/security patches and protections. It's actually anti-security.
@Ben
@MrGR We post factual information about the falsely marketed products from companies attacking GrapheneOS in response to their attacks. You're misrepresenting the situation and what we said. It's the opposite of supporting a project you use which is provided to you entirely for free.
I don't understand your war against other custom ROMs. Your real opponents are the proprietary operating systems from Apple and Google, not other operating systems that are used by a very small minority.
@MrGR They've waged a war against GrapheneOS and our team for years. No amount of misrepresentations from you about the situation and what we've said/done is going to change reality. The real enemies of GrapheneOS are the people trying to harm GrapheneOS and our team. Apple has done nothing to try to harm GrapheneOS. Apple makes products with substance behind their privacy and security claims. We wish Apple didn't have such an aversion to giving credit to others but it's not an attack on us.
@bastian @MrGR We have many threads on this platform responding to attacks from these groups with links. If you want a particularly awful example, here's one of many cases where the founder and CEO of /e/ and Murena linked to harassment content targeting our founder. He has repeatedly spread fabricated stories and harassment content including from Kiwi Farms. In this case he linked a neo-nazi conspiracy site peddling the usual Kiwi Farms content.

https://archive.is/SWXPJ
https://archive.is/n4yTO
@neogoth This seems to be about internal infighting and personal insults. What a shame! There are more important things to do: offering people alternatives to #bigtech and convincing them. @GrapheneOS
@MrGR @neogoth There haven't been any internal power struggles and people engaging in years of extreme harassment and libel towards our founder and other team members is not simply personal insults. You're repeatedly misrepresenting what's happening and downplaying it. If you're not going to do basic research into what's happening and has been happening in the past then you're not in a position to leave any informed responses or advice. You're taking away from GrapheneOS development right now.
@bastian It's not clear why Volla and LineageOS are being brought up by @MrGR. Both Murena and iodé have both been heavily attacking GrapheneOS and our team with false claims, not Volla and LineageOS.

Unified Attestation is itself a form of attack on GrapheneOS and any other operating system that's not part of it. We posted a thread responding to that because it's going to have negative consequences for GrapheneOS users just as the Play Integrity API banning GrapheneOS already does today.
@echedellelr No, we've never supported apps banning using operating systems. We've always been against the Play Integrity API. We support a neutral implementation of hardware-based attestation which isn't designed for blocking competing hardware and operating systems. We support regulations which forbid apps from banning alternative hardware and operating systems. We've been in active contact with multiple EU Commission groups over the years pushing for this and also regulators elsewhere.
@MrGR @bastian Murena's operating system is a fork of LineageOS which heavily reduces both privacy and security compared to LineageOS. It lags far further behind on updates and adds many invasive services into the OS unlike LineageOS. LineageOS has not misled people about what it provides with a massive amount of false marketing. Unlike Murena, they also haven't attacked GrapheneOS with relentless misinformation as an organization. Murena's leadership and official project accounts have done so.
@MrGR @bastian In order for users to make an informed decision about what they want to use, they need to have accurate information available. Murena's false marketing stops people from making an informed decision. Someone misled into using their products due to believing it provides privacy and security it doesn't based on their false marketing wasn't given a chance to make an informed decision. Providing accurate information gives people a chance to choose what they want to use properly.
I'm surprised that you spend so much time justifying your attacks on others. I think users can decide for themselves which system they choose. Your public relations work against other competitors achieves rather the opposite of what you intend! If GrapheneOS didn't convince me, your aggressive posts would tend to put me off you. You overestimate the importance of Gael (eos) and IODE. @bastian
This post was edited (3 months ago)
@MrGR @bastian There's a clear difference between publishing accurate information about products in response to false marketing from what they're doing. You're conflating their years of making inaccurate claims about GrapheneOS to mislead people into believing it isn't suitable for them with providing accurate information in response. It's not wrong to provide accurate information about products. It is wrong to lie about GrapheneOS and our team to promote their products. Those aren't the same.
It would be more important for you to find partners who offer and market phones with GrapheneOS preinstalled, so that more people can switch to GrapheneOS. Volla, Iode and Murena are ahead of you there. I expect a lot from the Motorola phone with GrapheneOS.
@bastian
@MrGR @bastian There are already companies selling devices with GrapheneOS preinstalled. We don't want to have devices lacking important privacy and security patches/protections. Those products aren't in the same space as GrapheneOS in the first place. It's easy to churn out insecure devices and support for those. Working with a large OEM to build far more secure devices meeting our requirements is not something any of those companies have done or are doing. How exactly are they ahead of us?
Then show a current link to such a post. So far I haven't seen anything about it. And please no post from X. I'm not on X. @bastian
What matters most to you is that your own operating system can be used for European banking apps and wallet apps.
@bastian Now you're accusing me of lying too. I'm appalled by the way you communicate with others. You disappoint me greatly.
@MrGR Yeah, got it, sorry. If you wanna add something to clarify, feel free; I'd like to know what's the reason for all that if you have the time for it. If not, it's all good. No need to reply here if you don't have the time for it.
@bastian I couldn't find a single post about GrapheneOS on @gael's account.
I don't want attestation to begin with. Software should not care what hardware it's running on and hardware should not care what software it's running. Bootloader locking should be at the whim of the device's owner not the companies that made it, and it should be optional with the option to enroll your own keys if you wish to use it. Moving ownership from Google to another company doesn't solve the inherent problem here. I own my device, not the manufacturer.
@CalcProgrammer1 It's possible to provide features based on hardware attestation for end users without providing a form of it usable by apps to ban using alternative hardware and software. Unfortunately, the primary way that it's being used is controlling which hardware and software people are allowed to use including banning alternatives to iOS and Google Mobile Services Android. European companies making their own system banning anything other than OSes participating in it is awful too.
@MrGR Every operating system should be allowed to be used with European banking and wallet apps as long as they implement the technical requirements. It certainly shouldn't be up to for-profit companies selling products and services whether it's Google or Volla to determine which devices and operating systems are allowed to be used. If banks and governments insist on it being implemented then it should be done by a neutral organization not controlled by companies allowing only their products.
@MrGR @bastian You're continuing to lie about us and misrepresent what's actually happening. Our efforts at countering the false marketing from these groups and their recent efforts to put themselves in control of which operating systems people are allowed to use for European banking and governments apps are working out fine. Your efforts to attack us by misrepresenting what we're saying and doing along with the context for it are fruitless and not achieving anything. All you've gained is a ban.
@MrGR @bastian We provided you with archive links and can provide many more if you look at that and acknowledge it.
The system is open source, what stops you from implementing it and, even better, contributing to it to improve security?
Because this system is a very good idea to reassure the banking companies and the European Union and it creates a viable alternative to Play Integrity.
Your approach of just saying the security relies on the user didn't convince any big firm as they are legally still responsible in case of issues and the law on that is still protecting consumers.
The responsibility will remain on the apps for consumer protection so we need an alternative to make it that way and GrapheneOS is not providing anything for that.
@DanielDNK This system isn't open. It's a proprietary centralized service built on top of standard Android hardware attestation. The entire purpose of Unified Attestation is centralizing control of which operating systems are allowed with the companies running it. It's absolutely unacceptable to have these companies control over whether apps adopting it can run on GrapheneOS. Participating would help to legitimize this anti-competitive power grab and would give them veto power over app compat.
@DanielDNK It would give these companies the power to sabotage GrapheneOS through breaking app compatibility at any point they choose. It would give them leverage to make arbitrary harmful demands of GrapheneOS. The system is fundamentally anti-competitive and breaks competition laws.

As soon as this system is adopted by an app which begins permitting these operating systems but not GrapheneOS, we intend to file a lawsuit against these companies and will also raise their existing attacks too.
@DanielDNK

> Your approach of just saying the security relies on the user didn't convince any big firm as they are legally still responsible in case of issues and the law on that is still protecting consumers.

Absolutely not true. We convinced at least a dozen apps to stop using the Play Integrity API. We convinced several apps to begin permitting specific alternate operating systems which were unwilling to stop using it. You should read what we wrote in the thread about a proper approach to this.
And why do you say it's not open source? The code seems available; which part do you see as hidden and proprietary?
@DanielDNK Unified Attestation is a thin wrapper around Android hardware attestation which solely exists to make themselves into a centralized authority for controlling which devices and operating systems will be allowed through it. They haven't turned the overall Android hardware attestation feature into an open source one by layering this on top of it. The only part of Android hardware attestation that's open source is the OS. The overall system doesn't have an open source implementation yet.
@DanielDNK A centralized service which permits only specific devices and operating systems without it being possible to host it elsewhere is not open.

Since you created your account in May 2025 and began interacting with us, you've made a large amount of inaccurate claims about GrapheneOS and related topics in response to our posts. You've repeatedly engaged in very clear concern trolling. We aren't interested in further replies from you making false claims. Either stop or we'll stop it.
The opposite is true: this is an initiative for an open-source, transparent, and publicly verifiable certification. The Graphene OS team is also invited to join the consortium or simply use UnifiedAttestation for free. The intention is to promote competition and alternatives.
@volla Android already has a standard hardware attestation API. The sole purpose of your Unified Attestation system is a power grab where you put yourselves in control of what's allowed to be used. You do not get to make any demands of GrapheneOS in order for it to be permitted. It's not legal for you to make a system which forbids using other options to your products unless those join your cartel and comply with your demands. You aren't a neutral party and have massive conflicts of interest.