The topic is primarily Europe where these companies are based are trying to convince banks to put them in charge of which devices can be used. Meanwhile, their hardware and software is known to have atrocious security and fails to do the bare minimum for security. We'll be taking multiple actions.
Someone knowingly spreading AI slop content about GrapheneOS with a bunch of misrepresentations and fabrications about GrapheneOS is not going to be following us. It's made worse by the fact that you're linking to it via a thread filled with lies and links to harassment content targeting our team.
A group of companies selling objectively insecure products failing to provide basic security patches and protections have no place being the arbiters of which hardware and software is secure enough to run European banking apps. If you think we're going to do nothing to fight back, you're wrong.
No, that's not how it works and this is not an industry standard. Both the Play Integrity API and Unified Attestation API are going to be banning GrapheneOS. Play Integrity API is Google being anti-competitive and Unified Attestation API is a group of wanting a similar position for themselves.
People following our social media accounts and participating in discussions about GrapheneOS are held to the same expectation of not posting AI slop. You've posted a story with outrageous fabrications about GrapheneOS from an author on a site who posts weekly AI slop about GrapheneOS for views.
Murena and iodΓ© both engaged in attacks on the GrapheneOS project following the state attacks by France because they sensed an opportunity to harm us. The way the story you've linked is misrepresenting what we said and spinning the overall situation is ridiculous and matches the other content there.
Linking this highly inaccurate AI slop about GrapheneOS violates one of the core rules of our community:
discuss.grapheneos.org/d/11951-ai-g...
Murena and iodΓ© have been attacking the GrapheneOS project and our team for years. It's absolutely true that they're trying to undermine and harm it.
They're only going to be allowing operating systems they choose to allow and will require those to include their code. It's going to ban using apps on GrapheneOS while permitting their own insecure operating systems. How is that not anti-competitive? Do you want fewer apps working on GrapheneOS?
They're only going to be allowing operating systems they choose to allow and will require those to include their code. It's going to ban using apps on GrapheneOS while permitting their own insecure operating systems. How is that not anti-competitive? Do you want fewer apps working on GrapheneOS?
They're only going to be allowing operating systems they choose to allow and will require those to include their code. It's going to ban using apps on GrapheneOS while permitting their own insecure operating systems. How is that not anti-competitive? Do you want fewer apps working on GrapheneOS?
You can already use Curve Pay and numerous European banks for tap-to-pay on alternate operating systems. This initiative is going to erode that rather than improving it. These companies want to put themselves in charge of deciding which operating systems people are allowed to use in Europe.
You can already use Curve Pay and numerous European banks for tap-to-pay on alternate operating systems. This initiative is going to erode that rather than improving it. These companies want to put themselves in charge of deciding which operating systems people are allowed to use in Europe.
They lock people into only using the hardware and software they approve while not permitting using far more secure options. Play Integrity and this need Unified Attestation project are no different in regards to the fact that what's allowed is based on business models rather than security at all.
Having a European version of the Play Integrity which permits people to use insecure products from specific European companies participating in it while disallowing using arbitrary hardware or software is the opposite of a solution. It's more of the same anti-competitive garbage.
There's no legitimate purpose for either Play Integrity or Unified Attestation to exist. Both will inherently fail to uphold even basic security standards since otherwise their own products wouldn't be allowed. Root-based attestation is also inherently not a secure approach.
See the thread we posted at bsky.app/profile/grap... in response. We included a link to a detailed post about this with links to further coverage from third party experts. Strongly recommend reading that post and also at least glancing at the third party coverage we linked in it.
See discuss.grapheneos.org/d/24134-devi... for details including links to coverage from multiple third party experts. If you have an existing device where you want to switch to an alternate OS you can use LineageOS. It won't make it highly private or secure, but it will be much better than /e/.
/e/ isn't in the same space as GrapheneOS. It greatly reduces privacy and security compared to AOSP. It certainly doesn't improve those. LineageOS is a far better choice than /e/. It isn't a privacy or security hardened OS but reduces those far less than /e/ and doesn't add invasive services.
Those are extraordinarily insecure devices lacking basic privacy/security patches and protections. They quietly include their own user tracking in their update client and a bunch of invasive third party services. For example, their speech-to-text sends data to OpenAI without informing users.
Murena and iodΓ© are extremely hostile towards GrapheneOS. They've spent years misleading people about it with inaccurate claims to promote their insecure products. We'll never work with them. Volla, Murena and iodΓ© should have no say in which OS people can use on their devices.
These companies should not have any say over which devices can be used for European banking and government apps. It will reduce competition and reduce security exactly as the Play Integrity API is already doing. The EU should ban using attestation to determine OS compatibility.
Volla, Murena and iodΓ© sell products with atrocious security. They fail to provide important patches and protections while misleading users with inaccurate claims about privacy and security. That includes setting an inaccurate Android security patch level despite missing patches.
If banks and governments insist on checking devices for security they should define actual standards. It should be possible for any tiny project to be certified at no cost and the standards should be fairly enforced so a mainstream device without current patches is disallowed.
Hardware-based attestation has valid use cases including the Auditor app on GrapheneOS for protecting users. The way these companies are using it serves no truly useful purpose beyond giving themselves as unfair advantage while pretending it has something to do with security.
Play Integrity API should be regulated out of existence rather than making another system where companies permit their own products while disallowing others. It shouldn't be legal when Google does it and it shouldn't be legal when Volla and Murena do it either. This is wrong.
Google's Play Integrity API is a horrible system enforcing using devices officially licensing Google Mobile Services. It permits those regardless of how many years behind they are on security patches. The solution to this isn't another anti-competitive system based in Europe.
We strongly oppose the Unified Attestation initiative and call for app developers supporting privacy, security and freedom on mobile to avoid it. Companies selling phones should not be deciding which operating systems people are allowed to use for apps.
uattest.net
Vanadium version 146.0.7680.65.1 released:
github.com/GrapheneOS/V...
See the linked release notes for a summary of the improvements over the previous release and a link to the full changelog.
Forum discussion thread:
discuss.grapheneos.org/d/32895-vana...
#GrapheneOS #privacy #security
It comes down to the fact these groups and their supporters feel immensely threatened by GrapheneOS. They attack us relentlessly and then react to us posting factual information in response as completely unacceptable. It's an attempt to bully us into silence and does the direct opposite of that.
A round of recent attacks specific to Bluesky started due to posting bsky.app/profile/grap... where we address how we'll avoid a similar situation.
Meanwhile, microG has made inaccurate claims about GrapheneOS and our team for years. Their contributors have spread Kiwi Farms content repeatedly...
