Google Play Integrity places customized ROM app help in jeopardy

Android’s openness as a platform is a little bit of a double-edged sword. On one hand, that empowers customers to discover apps from sources exterior the Play Retailer, and even experiment with customized ROMs. However that additionally leaves builders of security-minded apps in a difficult place, as they don’t know if they’ll belief what different apps and even the working system itself is speaking. That’s led to the event of frameworks like Play Integrity, an API that devs can use to make sure their apps are solely working on “real” Android gadgets. However as extra apps begin imposing Play Integrity checks, that’s inflicting some critical complications for modders within the customized ROM neighborhood.

The concept of Play Integrity inflicting complications for anybody working something notably customized is hardly new, and earlier this yr we noticed Google utilizing the API to block entry to sending RCS messages on customized ROMs — supposedly an effort to stop spammers from sending automated texts. The latest difficulty to floor considerations the multi-factor authentication app Authy, which (recent off an embarrassing hack) simply began imposing Play Integrity checks, resulting in reviews of damaged operation on GrapheneOS.

GrapheneOS’s neighborhood supervisor took the problem to X, confronting Google’s Shawn Willden, who works on Android’s hardware-backed safety subsystems. Willden doesn’t mince phrases in regards to the state of affairs Play Integrity finds itself in on the subject of customized ROMs, writing, “If it’s not an official OS, we’ve to imagine it’s unhealthy.”

That doesn’t imply that customized ROMs are useless, or that apps utilizing Play Integrity won’t ever have an opportunity to run on unofficial Android builds sooner or later. In actual fact, Willden expresses that his group and a few Google administration vary from optimistic to enthusiastic in regards to the thought of engaged on a course of to certify third-party ROMs and get them passing Android’s Compatibility Check Suite. However the issue actually appears to be curiosity — there simply aren’t sufficient folks utilizing customized ROMs on their telephones (and experiencing these issues with apps refusing to run as a result of Play Integrity checks) to be definitely worth the time funding in placing collectively a program to work with the groups behind “prime quality” ROMs and develop the type of belief and relationships essential to deliver these tasks in underneath the safety of Play Integrity.

Whereas that’s a minor cop-out on Google’s half, the corporate’s strategy right here actually does sound pragmatic. The huge majority of Android customers are involved with the integrity of their consumer expertise on mainstream gadgets working mainstream software program. Ought to neighborhood efforts as a substitute deal with third-party builders themselves, and dealing with them to launch apps that don’t insist on Play Integrity checks? There’s multiple approach to go right here, and if you happen to’re curious we actually advocate trying out the entire thread on X; it’s an enchanting have a look at the failings that exist within the the present system (like inadequate checks on customers working present software program, letting them roll again to older code with out this enforcement) for readers within the full image.