
European Consortium Wants Open-Source Alternative To Google Play Integrity (heise.de)

An anonymous reader quotes a report from Heise: Pay securely with an Android smartphone, completely without Google services: This is the plan being developed by the newly founded industry consortium led by the German Volla Systeme GmbH. It is an open-source alternative to Google Play Integrity. This proprietary interface decides on Android smartphones with Google Play services whether banking, government, or wallet apps are allowed to run on a smartphone.

Obstacles and tips for paying with an Android smartphone without official Google services have been highlighted by c't in a comprehensive article. The European industry consortium now wants to address some problems mentioned. To this end, the group, which includes Murena, which develops the hardened custom ROM /e/OS, Iode from France, and Apostrophy (Dot) from Switzerland, in addition to Volla, is developing a so-called "UnifiedAttestation" for Google-free mobile operating systems, primarily based on the Android Open-Source Project (AOSP).

According to Volla, a European manufacturer and a leading manufacturer from Asia, as well as European foundations such as the German UBports Foundation, have also expressed interest in supporting it. Furthermore, developers and publishers of government apps from Scandinavia are examining the use of the new procedure as "first movers." In its announcement, Volla explains that Google provides app developers with an interface called Play Integrity, which checks whether an app is running on a device with specific security requirements. This primarily affects applications from "sensitive areas such as identity verification, banking, or digital wallets -- including apps from governments and public administrations".

The company criticizes that the certification is exclusively offered for Google's own proprietary "Stock Android" but not for Android versions without Google services, such as /e/OS or similar custom ROMs. "Since this is closely intertwined with Google services and Google data centers, a structural dependency arises -- and for alternative operating systems, a de facto exclusion criterion," the company states. From the consortium's perspective, this also leads to a "security paradox," because "the check of trustworthiness is carried out by precisely that entity whose ecosystem is to be avoided at the same time".

The UnifiedAttestation system is built around three main components: an "operating system service" that apps can call to check whether the device's OS meets required security standards, a decentralized validation service that verifies the OS certificate on a device without relying on a single central authority, and an open test suite used to evaluate and certify that a particular operating system works securely on a specific device model.

"We don't want to centralize trust, but organize it transparently and publicly verifiable. When companies check competitors' products, we can strengthen that trust," says Dr. Jorg Wurzer, CEO of Volla Systeme GmbH and initiator of the consortium. The goal is to increase digital sovereignty and break free from the control of any one, single U.S. company, he says.

  • by Mr. Dollar Ton ( 5495648 ) on Tuesday March 10, 2026 @12:14AM (#66032760)

    write to your representatives, the convenient list of everyone who can do something about it is here:

    https://keepandroidopen.org/ [keepandroidopen.org]

    There are also appropriate links with contacts for many other jurisdictions that are important to google.

  • What about Google's plan to make it harder to sideload? Will the EU stop that?

    • At the moment there's not enough pressure would be my guess, as this is what the commission is sending as a canned reply:

      Dear citizen,

      Thank you for contacting us and sharing your concerns regarding the impact of Google's plans to introduce a developer verification process on Android. We appreciate that you have chosen to contact us, as we welcome feedback from interested parties.

      As you may be aware, the Digital Markets Act ("DMA") obliges gatekeepers like Google to effectively allow t

    • Given the recent EU rulings about allowing alternative app stores, I can't imagine any additional EU rules will need to be passed to stop Google from blocking side loading. I suspect a court would simply find that a ruling which forces the allowance of running an alternate app store can't block the choice that alternate app store places on what runs on the device.

      Deciding who 3rd parties can do business with is a literal core component of antitrust violations, and Google has lost multiple such legal argum

      • You're not understanding what is being blocked here. Google plans to block anything from being installed, sideloaded or via an alternative app store, that wasn't written and signed by a developer Google has given permission to.

        So the days of being able to write your own app and sideload it are basically fast closing. Technically you can do that, but you have to identify yourself to Google and pay them hundreds of dollars, which is out of the question for anyone that values privacy or doesn't have a huge wad

        • You're not understanding what is being blocked here. Google plans to block anything from being installed, sideloaded or via an alternative app store, that wasn't written and signed by a developer Google has given permission to.

          You are not understanding what is occurring.

          The EU Digital Services Act [europa.eu], requires developers to display their contact information. The DSA requires Google to provide / enforce this on Android. They do so by requiring developers to register and then linking that registration information to Android apps, whether distributed via the Google App Store or an alternative app store.

          • It does not require any enforcement for explicit user actions. The DSA does not mandate that Google block sideloading; it mandates that Google force developers to display the required information on Google's app store. Something they can do without requiring signing for sideloaded apps.

            Google's App store is Google's business. How you run your phone is not. Don't falsely defend Google under the guise of the DSA here. I'm going to assume you did this unintentionally but you sound like a paid shill spreading fa

        • You're not understanding what is being blocked here. Google plans to block anything from being installed, sideloaded or via an alternative app store, that wasn't written and signed by a developer Google has given permission to.

          I very much understand it and that is exactly what I'm talking about in the post. Google are forced to include 3rd party app stores, so the fact that they are proposing to block apps is precisely why this would fall afoul of antitrust laws. You can't tell a third party who they can and can't do business with.

  • by Anonymous Coward

    My phone is like 4 years old and hasn't gotten security updates for over a year, but I can use tap to pay and my banking app even though there may be vulnerabilities on my phone.

    If I were to install e/OS on it to get security patches... I couldn't get tap to pay (or my banking app) to work because of the attestation thing.
    There is no workaround afaik.
    It's kind of a weird situation.

    It's great that this is getting government level attention. I hope it bears fruit and that US credit card companies and banks

    • by zekica ( 1953180 )
      I have a phone that hasn't gotten a security update in four years - its patch level is February 2022, yet "Tap to pay" works. Google's attestation is not in any way related to security, but to control.
    • if i were to install e/OS on it to get security patches... i couldn't get tap to pay (or my banking app ) to work because of the attestation thing.

      Switch banks. This has nothing to do with Google's Key attestation API and banking apps have no problem at all using tap to pay on e/OS. Any bank that implements its own tap to pay system on their app works just fine. It's only apps that defer to Google Pay to manage payments which don't work. But if you're using e/OS you've made a conscious choice to avoid anything and everything Google in the first place so lay in the bed you made.

      • My daughter has an electric toothbrush. There's an app for it that supposedly makes brushing your teeth a fun game and she wanted to try it. So I grabbed an old OnePlus running LineageOS from the drawer and installed it for her.

        On load "this device doesn't meet blah blah security standards..."

        WTF

    • by SumDog ( 466607 )
      I just use a piece of plastic. I don't have to charge it. It doesn't need batteries. I can just insert it into any point-of-sale system. I really don't get the whole "pay with your phone" bullshit .... seems like only negatives with zero positives.
      • It's a type of "flex" where you're saying to everyone around you: "look at me, I'm associated with this brand." When you pay with your phone--or even your watch--you're signaling that you're part of an in-group. And because these corporations exploit our innate tribalism, it's an inherently rewarding experience... even if ultimately you're just a walking, talking advertisement.

        Practically speaking, I guess it's convenient if you're already on your phone 24/7. But for people who haven't been infected by the

  • Overlordship (Score:4, Insightful)

    by Errol backfiring ( 1280012 ) on Tuesday March 10, 2026 @05:38AM (#66032928) Journal

    Attestation is stealing control from the owners of the device. That is why google wants it so badly. They want you to pay for the device, but then have full control over what you can and cannot do with it. That a consortium wants to take that control from google is understandable, but still evil.

    Attestation is basically "you might be root, but I am your king".

  • by devslash0 ( 4203435 ) on Tuesday March 10, 2026 @06:00AM (#66032942)

    All the apps started refusing to work. And it wasn't just banking apps. Even parking apps wouldn't work. I reached my limit when my savings provider notified me on a 3-day notice that I would lose access because my phone ran a non-compliant OS.

    • by mjwx ( 966435 )

      All the apps started refusing to work. And it wasn't just banking apps. Even parking apps wouldn't work. I reached my limit when my savings provider notified me on a 3-day notice that I would lose access because my phone ran a non-compliant OS.

      I would have told them to get fucked and immediately started looking for a new bank.

      Seems a very odd situation where you'd lose access to your own money simply because the bank doesn't like your OS. Pretty sure that kind of thing would be well and truly illegal in most developed nations.

      • I would have told them to get fucked and immediately started looking for a new bank.

        You think you're going to find a bank which doesn't require vendor-provided app security?

        Seems a very odd situation where you'd lose access to your own money simply because the bank doesn't like your OS.

        It's extremely normal for banks to have requirements like these. Mine has informed me that my Android version is too old so I will lose access next year or so. They've been trusting this device, but it's now becoming a pumpkin.

        • by SumDog ( 466607 )
          Yes. I don't have any of my banking apps on my phone. Why do you need that? It's a bit more annoying to click all the "No I don't want to use your fucking app" popups when going to their website, but I can just go to their website in a browser on my phone in the rare instance I need to look up my banking information on the go, which is rarely or never. If I need to send money to a friend, I can use Zelle on the web.

          I did have mobile banking apps on my phone at one point, and I just set up Magisk to ensure
          • Does your bank literally require a smart phone?

            It does if I want to deposit checks, like every other bank I'm aware of. If I just want to check my balance, I can do that through the website. But sometimes I do get checks, several times per year typically including at tax time (since I am not stupid enough to trust the feds with permission to empty my bank account) and I like to have a way to deposit those.

            • by mjwx ( 966435 )

              Does your bank literally require a smart phone?

              It does if I want to deposit checks, like every other bank I'm aware of. If I just want to check my balance, I can do that through the website. But sometimes I do get checks, several times per year typically including at tax time (since I am not stupid enough to trust the feds with permission to empty my bank account) and I like to have a way to deposit those.

              This is another anachronism that doesn't exist in most countries.

              I can count the number of cheques I've dealt with in the last 10 years on one hand and half of those were refunds for VED (Vehicle Excise Duty) from the DVLA when I sold a car.

              Cheques are not that common, so uncommon in fact that most people just post them to the bank. You can also deposit cheques at any post office in the UK if you need the funds to clear quickly, no need for a crappy app or for the bank to dictate what you can and can'

            • It's called an ATM. You should try them. Or you could walk into the bank, or just mail them. Actually, why are you using checks instead of Direct Deposit in the first place, Citizen?

              Checks are not convenient, they expose your signature / bank routing / personal information, take longer to deal with when subject to fraud claims, subject to processing holds / delayed release of funds at some banks, and are prone to human error caused by piss poor handwriting. To say nothing about using a phone to process th
        • by mjwx ( 966435 )

          I would have told them to get fucked and immediately started looking for a new bank.

          You think you're going to find a bank which doesn't require vendor-provided app security?

          Erm... I already have 3. Banks where I can just use the website instead of being forced into a shitty app. It's standard operating procedure for banks in most countries as banks are responsible for security and can't legally transfer that responsibility to third parties. So a website controlled by the bank is the easiest way to do that.

          Seems a very odd situation where you'd lose access to your own money simply because the bank doesn't like your OS.

          It's extremely normal for banks to have requirements like these. Mine has informed me that my Android version is too old so I will lose access next year or so. They've been t

      • Not lose access to one's savings, but to lose access to their phone app. That's hardly unusual. It's essentially a compatibility issue.
        • In this case, it was to savings. It was an app-only provider.

          • Well, they would also have to have a website, right? Otherwise, you're in "craziest thing I've ever heard" territory.
            • Nope. Fintech provider of government-backed saving accounts in the UK. App only. No webapp at all.

              • That is baffling. Not even through an ATM? Who the hell thought that was a good idea that should not only be tried, but get regulatory approval?
                • Nope. There's no card of any kind. And it's not the only provider of this kind. There are numerous fintech companies here in the UK which provide app-only access. I specifically looked for one that didn't require the safety / integrity check but they decided to change their ways on a 3-day notice in 2 months from when I got an account with them.

      • I pointed out the fact that short notice was not enough but they simply replied with "we're doing a release in 3 days, it's your problem, bye"

  • I'd be very, very, careful. More or less the whole point of 'attestation' schemes is that they allow, as one would expect, attestation of what a device is running; chained to some cryptographic secret that you'll need to conduct a hands-on hardware attack to extract if it is implemented competently.

    I'm not denying that this proposal is technically open source; it's just that attestation, like tivoization, is one of those places where essentially none of the control is based on obfuscated proprietary blobs, so
  • These schemes serve little purpose other than serving as an excuse to enforce vendor control and planned obsolescence.

    If a device is compromised, all it needs to do is lie to the software or modify its execution. These are just additional hoops with no basis in reality and have never been able to provide useful guarantees about the state of systems. Even with hardware attestation, whatever someone did to compromise the system they can simply redo later after device startup.

  • So, I run /e/OS, and have done so for years. I don't understand what this will validate.

    At present, Play Integrity is a means of telling apps that the software that's *actually* running on a phone, is the software that Google *expects* is running on the phone. Now, *in and of itself*, I don't see that as being a problem, because if Google says "this is a modified OS" or "this is a modified bootloader", apps can ignore this fact if it's simply informational. I submit that there should be a requirement for apps to divulge whether they will refuse to run if they are informed of a modified software stack, but any attestation mechanism should be limited in that way.

    But let's assume that it's the case - as far as I'm aware, that's how it currently stands. The answer to "Who is validating what" is pretty simple: "Google is validating that unmodified software is running on hardware". An open source attestation mechanism breaks basically all of this.

    an "operating system service" that apps can call to check whether the device's OS meets required security standards

    So, even if we limited this to official builds of /e/OS and iodeOS (which is a big "if", since both have community builds, and are derivatives of LineageOS, and each have downstream derivatives), now, the app is trusting /e/OS...that the build is unmodified, of software that requires an unlocked bootloader in nearly all instances of its installation? Both OSes have integrated adblockers and other privacy tools, and MicroG that spoofs other data required for apps to run as if there were Google Play Services installed...so, are they saying "we solemnly swear that all of the anti-tracking, adblocking, and signature spoofing meets security standards"? Seems like conflicting signals to me.

    a decentralized validation service that verifies the OS certificate on a device without relying on a single central authority

    If we're stretching "decentralized validation service" to include the public key infrastructure that handles standard Sectigo/Thawte certificates, I guess maybe...but if we're talking something closer to the blockchain...what bank is trusting an anonymous group like that?

    and an open test suite used to evaluate and certify that a particular operating system works securely on a specific device model.

    Can we define "securely" here, and how a "specific device model" would factor in? Is even /e/OS looking to close the door on rooting and other kinds of mods? Is this the end of the road to /e/OS's community builds? Is this the sort of scenario where the presence or absence of Magisk would alter the calculus? If so, then why would a user choose an /e/OS device - especially if it means the removal of the MicroG mods that make regular Android apps work - over a stock Google phone?

    I just can't see how this config can simultaneously keep the modders happy - the people who run /e/OS on their devices and donate to it - along with the banks and other companies who would want reliable attestation.

    • Correct. This is an attempt to use the literal FUD caused by the Trump administration to see if it's possible to have a real alternative to running banking/parking/ID apps on custom ROM sets.
      The catch is that either the writer or the press publisher does not understand the distribution mechanics at play. Play Integrity exists to make a man-in-the-middle attack via distributing preinstalled phones harder. If they could get a larger OEM like Xiaomi or Samsung on board, this is a very different issue, but at the end
