We’ve added a JSON API making it easier for services to permit GrapheneOS in addition to Google-certified operating systems:
https://grapheneos.org/attestation.json
https://grapheneos.org/attestation.json.sig
The verifiedBootKeys array lists GrapheneOS key fingerprints to permit via Android hardware attestation.
It can be extended with a list of key attestation root certificates once we have devices using an alternative to Google’s Android key attestation ecosystem. Each of them will have its own certificate revocation list for apps to check if they care. There’s no need for anything more.
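An added example, not GrapheneOS code: a server-side allowlist decision using the verifiedBootKeys array. It assumes the attestation certificate chain was already validated and the RootOfTrust fields were parsed into a dict, that array entries are hex strings, and that attestation.json.sig was verified separately; `load_permitted_keys` and `os_permitted` are hypothetical names.

```python
import json

# Android key attestation RootOfTrust.verifiedBootState values.
VERIFIED, SELF_SIGNED, UNVERIFIED, FAILED = 0, 1, 2, 3


def load_permitted_keys(attestation_json: str) -> frozenset:
    """Return the verifiedBootKeys fingerprints, normalised to lowercase hex.

    Assumption: each array entry is a hex string. Anything else raises
    ValueError so a malformed or unexpected file fails closed.
    """
    doc = json.loads(attestation_json)
    keys = doc.get("verifiedBootKeys") if isinstance(doc, dict) else None
    if not isinstance(keys, list) or not keys:
        raise ValueError("verifiedBootKeys missing or empty")
    out = set()
    for k in keys:
        # bytes.fromhex raises ValueError on non-hex; empty entries are rejected.
        if not isinstance(k, str) or not bytes.fromhex(k):
            raise ValueError("invalid fingerprint entry")
        out.add(k.lower())
    return frozenset(out)


def os_permitted(root_of_trust: dict, grapheneos_keys: frozenset) -> bool:
    """Decide whether an already chain-verified attestation is acceptable."""
    if root_of_trust.get("deviceLocked") is not True:
        return False  # unlocked bootloader: the boot key proves nothing
    state = root_of_trust.get("verifiedBootState")
    if state == VERIFIED:
        return True  # stock OS verified with the device's built-in key
    if state == SELF_SIGNED:
        # Alternate OS booted with a user-installed key: allow only listed keys.
        key = root_of_trust.get("verifiedBootKey", b"")
        return key.hex() in grapheneos_keys
    return False  # UNVERIFIED, FAILED or an unknown value


# Constructed sample data: these are not real GrapheneOS fingerprints.
SAMPLE_JSON = json.dumps({"verifiedBootKeys": ["AA" * 32, "bb" * 32]})
KEYS = load_permitted_keys(SAMPLE_JSON)
```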
Apps which are forced by regulations or liability reasons to implement integrity checks should use the standard Android hardware attestation API. The Play Integrity API is insecure and anti-competitive. The Play Integrity API creates massive legal liability for the apps using it.
Directly using hardware attestation is far superior to the Play Integrity API. It improves security, enables support for more than Google-certified operating systems and avoids a dependency on an aggressively rate-limited Google service with poor reliability breaking your app.
We provide a guide for app developers on moving away from the Play Integrity API to the standard Android hardware attestation API to permit GrapheneOS at https://grapheneos.org/articles/attestation-compatibility-guide. It can also be used to permit other operating systems. We plan to update and overhaul our guide soon.
Android’s hardware attestation API is biased towards stock operating systems but fully supports allowing alternatives. It fully supports arbitrary roots of trust instead of only the Google-certified hardware ecosystem. There’s no need for a non-Google Play Integrity API on top.
Apps should permit people to use any device or operating system. Security shouldn’t rely on client-side checks which can be bypassed. Apps forced to do this by regulations and industry standards should use this instead of the extraordinarily anti-competitive Play Integrity API.
Play Integrity API has nearly non-existent security standards. The highest tier strong integrity level permits being up to a year behind on the official dates for security patches for Android 13+ and indefinitely far behind for an older version, even being 8 years out-of-date.
Leaked keys chaining up to Google’s roots of trust are abundant. Most devices don’t support the less insecure remote key provisioning system with shorter lives for keys. Root-based attestation is only as secure as the least secure devices, and those are absolutely atrocious.
These checks aren’t a security feature in practice. If an app doesn’t need to comply with regulations forcing this, it shouldn’t do it. If it has to be done, apps should use the Android hardware attestation API to permit GrapheneOS and other OSes meeting the requirements too.
