Apple and Google are gradually expanding their use of hardware-based attestation. They're convincing a growing number of services to adopt it. Google's Play Integrity API and Apple's App Attest API are very similar. Apple brought it to the web via Privacy Pass, which Google intends to do too.
in reply to GrapheneOS

The purpose of these systems is disallowing people from using hardware and software not approved by Apple or Google. This is wrongly presented as being a security feature. Banks and government services are the main ones adopting it but Apple and Google are encouraging every service to use it.

in reply to GrapheneOS

Google's reCAPTCHA is planning an approach where they use Privacy Pass on Apple hardware, their own approach on Google Mobile Services Android devices and a QR code scanning system to require an iOS or Google certified Android device for Windows and other systems:

support.google.com/recaptcha/a…

in reply to GrapheneOS

Banking and government services increasingly require using a mobile app where they can use attestation to force using an Apple or Google approved device and OS. Apple's privacy pass, Google's 'cancelled' Web Environment Integrity and now reCAPTCHA Mobile Verification are bringing this to the web.
in reply to GrapheneOS

Current media coverage for reCAPTCHA Mobile Verification misunderstands it and the impact of it. They're bringing a hardware attestation requirement to Windows, desktop Linux, OpenBSD, etc. by requiring a QR scan from a certified smartphone to pass reCAPTCHA in some cases. They could expand it more.

in reply to GrapheneOS

Control over reCAPTCHA puts Google in a position where they can require having either iOS or a certified Android device to use an enormous amount of the web. Google defines certification requirements for Android which include forcing the bundling of Google Chrome, etc. It's enormously anti-competitive.
in reply to GrapheneOS

Google's Play Integrity API bans using GrapheneOS despite it being far more secure than anything they permit. It also bans using any other alternative. This isn't somehow specific to an AOSP-based OS. You can't avoid this by using a mobile OS based on FreeBSD instead. You'll just be more locked out.

in reply to GrapheneOS

Google's Play Integrity API permits devices with no security patches for 10 years. The device integrity level can be bypassed via spoofing but they can detect it quite well and block it once it starts being done at scale. The strong integrity level requires leaked keys from TEEs/SEs to bypass it.

in reply to GrapheneOS

It doesn't provide a useful security feature, but it does lock out competition very well. Services requiring Apple App Attest or Google Play Integrity are primarily helping to lock in Apple and Google having a duopoly for mobile devices. Play Integrity is more relevant due to AOSP being open source.
in reply to GrapheneOS

Governments are increasingly mandating using Apple's App Attest and Google's Play Integrity for not only their own services but also commercial services. The EU is leading the charge of making these requirements for digital payments, ID, age verification, etc. Many EU government apps require them.
in reply to GrapheneOS

Instead of governments stopping Apple and Google from engaging in egregiously anti-competitive behavior, they're directly participating in locking out competition via their own services. Requiring people to have an Apple device or Google-certified Android device is anti-competition, not security.
in reply to GrapheneOS

reCAPTCHA Mobile Verification will currently work with sandboxed Google Play on GrapheneOS but it clearly exists to provide a way for them to start using hardware attestation on systems without it. People without an iOS or Android device will be locked out when this is required even without that.

in reply to GrapheneOS

This isn't about security or any missing functionality. GrapheneOS can be verified via hardware attestation. Google bans using GrapheneOS for Play Integrity because we don't license Google Mobile Services and conform to anti-competitive rules already found to be illegal in South Korea and elsewhere.
in reply to GrapheneOS

Services shouldn't ban people from using arbitrary hardware and operating systems in the first place. Google's security excuse is clearly bogus when they permit devices with no patches for 10 years but not a much more secure OS. It's for enforcing their monopolies via GMS licensing, that's all.
in reply to GrapheneOS

It's the goal.

For example, all those new laws for age verification are to prevent you from using an operating system or ROM that cannot be monitored or controlled. Blocking reCAPTCHA on non-approved, non-certified government and corporate sanctioned devices is just 1 piece of the big picture.

For example, the USA has made any new router not made in the USA illegal to import or sell. The problem is that no mainstream manufacturer currently makes routers in the USA.

in reply to GrapheneOS

It's the goal.

For example, all those new laws for age verification are to prevent you from using an operating system or ROM that cannot be monitored or controlled. Blocking reCAPTCHA on non-approved, non-certified government and corporate sanctioned devices is just 1 piece of the big picture.

For example, the USA has made any new router not made in the USA illegal to import or sell. They can apply for an exception if they agree to include their new control chip or firmware.

in reply to Linux Is Best

Motorola has a security contract with the USA.

They will, depending on need, release a device with GrapheneOS — or delay it — and work closely with you to identify the methods and vulnerabilities you discover, as well as how you implement features to overcome the planned “new normal,” so that, behind the scenes, they can undermine and circumvent your work in the future. The investment — which includes you — is intended to strengthen relations and acquire additional contracts. 😭

in reply to Linux Is Best

@Linux Motorola Mobility is a subsidiary of Lenovo and definitely doesn't have the relationship you're describing with the US government. Motorola was split up in 2011 and Motorola Mobility was acquired by Lenovo in 2014. You're confusing entirely different companies together, not that it would make sense regardless since GrapheneOS is open source. They don't need to do anything special to see what we're doing.
in reply to Daniël

@danieldk

I am the source.

Both Motorola Mobility and Motorola Solutions, CAGE Codes: 01113, 6H7Z2, 78205, and 7H229 (NCAGE).

dla.mil/Working-With-DLA/Appli…

If you’re looking for an actual document that says, “Yes, we’re trying to screw over the American people,” a written confession in a convenient PDF file, you won’t find one. Ever.

@GrapheneOS

in reply to GrapheneOS

So true! One little thing: This would also be bad if it weren't a bogus excuse. Because Remote Attestation in a device for the general public in itself is evil, and it will always be abused. The whole purpose of Remote Attestation is to enable a service to ban people from using arbitrary hardware and OSes. And by extension, to ban people from using arbitrary client apps for those services.
in reply to GrapheneOS

Google has the entirety of its commercial success thanks to the openness and interoperability of the #WWW. To try and captcha it to build a walled garden is, frankly speaking, an act of disrespect for @timbl and the entire web community.

Microsoft has tried it. Apple has tried it as well. Both have finally had the insight that working with the community is much more rewarding and profitable than working against it.

Let's work toward Google having that same revelation as well.

(Sorry for the pun, couldn't resist)

in reply to GrapheneOS

Android's hardware attestation shouldn't be used to lock out users not using specific hardware or OSes. However, the fact that it permits arbitrary roots of trust and OSes at least allows services to permit more. Google could use it to permit GrapheneOS for Play Integrity if that was about security.

in reply to Matúš

@dasmatus AOSP and GrapheneOS already heavily use sandboxing throughout the OS and are in the process of heavily adopting hardware-based virtualization for isolation. Running an operating system in a container or VM doesn't help with attestation but rather makes it substantially harder to pass from apps doing detection of emulation and virtualization via anti-tampering. A large part of the Play Integrity API software checks are focused on detecting emulation or virtual machines.
in reply to GrapheneOS

@dasmatus It's worth noting the Play Integrity API software checks are largely not enforced up front but rather used to detect spoofing and the enforcement comes later. This prevents being able to know exactly how it was caught via GPU fingerprinting, etc. They don't care about small scale spoofing and wait until it's larger scale to take actions to stop it which is often done in a far more naive way than how it was detected. Over time, they're making it stronger and bypasses shorter lived.
in reply to GrapheneOS

@dasmatus The software-based checks alone are already impractical to bypass reliably over the long term. The hardware-based checks where leaked keys from exploiting a TEE/SE are needed to bypass them are a whole separate story. They shipped a DICE-based remote provisioning model years ago for the hardware checks and that's going to make future leaked keys much less valuable due to their short lives so it will be necessary to keep leaking more which they can start cracking down on over time.
in reply to 🏳️‍🌈 Brie 🪰🚴🌸✨

@cargot_robbie @ggrey They could use the hardware attestation API to enforce a minimum patch level while still not allowing GrapheneOS or other secure alternative options though. It's not implied that using the hardware attestation API would mean permitting other options at all. We've convinced a dozen banking apps to start permitting GrapheneOS but it's a small portion of the banks which have adopted the Play Integrity API. Convincing them not to do this at all is nearly impossible.
in reply to Inanna🇵🇸

@FantasmitaAsex reCAPTCHA is extremely widely adopted. A portion of services using alternatives won't solve how much damage they can do to alternatives via control of reCAPTCHA.

Only a tiny proportion of apps use the Play Integrity API and ban GrapheneOS with it. It's only around 1/10 banking apps and perhaps 3/10 government apps, but the overall picture is more like 1/10000 apps or even lower. However, it's widely adopted enough that it's a huge barrier to GrapheneOS adoption for people already.

in reply to Inanna🇵🇸

@FantasmitaAsex reCAPTCHA is extremely widely adopted. A portion of services using alternatives won't solve how much damage they can do to alternatives via control of reCAPTCHA.

Only a tiny proportion of apps use the Play Integrity API and ban GrapheneOS with it. It's something like 1/10000 apps or even lower but for banking apps it's around 1/10 and important government apps around 2/10. However, it's widely adopted enough that it's a huge barrier to GrapheneOS adoption for people already.

in reply to GrapheneOS

My bank has been this way for months already. They got rid of other 2FA methods they used to support and require a Google-approved Android OS or iOS... even to log in to their banking UI on a desktop/laptop.

It's infuriating, and it means I'm now 100% locked in to a proprietary app on a proprietary OS (controlled by 1 of 2 companies, both headquartered in California, USA) on a proprietary phone for banking and public transit (in Europe), with no alternative possible. 😖

in reply to Garrett LeSage

@garrett Most banking apps still work on GrapheneOS but Play Integrity API adoption is expanding and it's nearly impossible to convince an app to stop using it once they've started. We've only successfully convinced a couple apps to stop. We've convinced a lot more apps to start permitting GrapheneOS by using the Android hardware attestation API as an alternative which can be used to permit arbitrary hardware and operating systems but that's still very problematic including for GrapheneOS.

in reply to GrapheneOS

@garrett We provide documentation at grapheneos.org/articles/attest… on how apps can use the Android hardware attestation to permit GrapheneOS and other hardware / operating systems which aren't certified by Google. This API supports permitting alternate roots of trust and non-stock operating systems. We use new signing keys for each new device model so new devices won't be listed without them updating it and their list won't include alternate builds of GrapheneOS. Apps should not be doing this at all.
in reply to GrapheneOS

I also see another tendency:
The bank I am a customer of, in an EU-candidate country, when adding some services, makes them available only from a mobile device. For example, purchase of travel insurance, which normally happens beforehand, not during the travel itself.
I don't see a logical reason to limit a service's availability to a mobile platform that is weaker in the UX sense (small screen, half of it usually eaten by the on-screen keyboard, and no proper mouse/keyboard).
in reply to GrapheneOS

I wonder if there's someone you can contact in the Canadian government to try to hard-block this from becoming a requirement with our government, banks, etc., from a national security perspective. You might find a receptive audience given that we're trying to gain some independence from the US.

My feeling is that the government knows that reliance on American tech is a problem and a trap, but they don't have a good grasp of the details or the alternatives.

Unknown parent

GrapheneOS

@7cd4a72311bad46117e0f692dddc5f31a543b47ff4265b028f8d820ac808ab3c @MAlBarram We have a partnership with Motorola Mobility (Lenovo) and are working with them towards their 2027 devices providing all of our requirements and providing official GrapheneOS support. We're actively working with them on getting the requirements implemented and GrapheneOS ported to their devices. It has nothing to do with the thread we posted though since it's not going to help with any of this.
Unknown parent

GrapheneOS

@7cd4a72311bad46117e0f692dddc5f31a543b47ff4265b028f8d820ac808ab3c @MAlBarram Pixels aren't somehow dead and none of what we posted is in any way specific to Pixels, Android devices or operating systems based on the Android Open Source Project.

You should read the thread we posted which is about them bringing the Play Integrity API to the web including for desktops by requiring having a phone certified by it or an iOS device in order to pass checks on the web and desktops too.

in reply to Jay 🚩

@jaypatelani Android Open Source Project is Linux. Linux doesn't mean glibc, systemd and GNOME. Using the far less private and secure desktop Linux software stack on mobile doesn't do anything to address any of this. It drastically reduces compatibility with the massive mainstream mobile app ecosystem including the large open source mobile app ecosystem for Android so it doesn't matter as much that apps are banning using anything non-Google-certified from that regard since it's already that way.

in reply to GrapheneOS

There are IMHO few cases when hardware attestation (which btw is the ultimate anti-handicapped stance one can take; I literally remember a decade ago how a colleague modified his Linux workstation to deal with his personal mix of handicaps)

And if there is a need for that there is no need to go with a vendor lock-in solution as the grapheneos crew correctly points out.

But security theater is cheaper than having a real, competent engineer look over the security design for real.
