cross-posted from: https://lemmings.world/post/42484977
Pay securely with an Android smartphone, completely without Google services: This is the plan being developed by the newly founded industry consortium led by the German Volla Systeme GmbH. It is an open-source alternative to Google Play Integrity. This proprietary interface decides on Android smartphones with Google Play services whether banking, government, or wallet apps are allowed to run on a smartphone.
It doesn’t really matter in the context of this particular topic. They’ve highlighted the problem and I think in here we should abstract from their personality and their conflicts with Murena & Co., and focus on the problem itself.
And the problem is that, regardless of who’s implementing the attestation technology and regardless of who is critizing it, the very concept of device attestation based on OEM/Google/Apple/Murena/GrapheneOS/whoever approval is harmful and anti-consumer at its core.
No matter who owns the authority to decide which devices are deemed “good” and which are deemed “bad”, this authority shouldn’t exist at all. Only the user should be in charge of the decision of which os to use — be it Google’s Android, GrapheneOS, MIUI, eOS, PostmarketOS or MS-DOS — OEMs/Google/Murena/etc should have no say in it.