Pay securely with an Android smartphone, completely without Google services: This is the plan being developed by the newly founded industry consortium led by the German Volla Systeme GmbH. It is an open-source alternative to Google Play Integrity. This proprietary interface decides on Android smartphones with Google Play services whether banking, government, or wallet apps are allowed to run on a smartphone.
GrapheneOS is critical of this initiative here and I think their criticism has merit. This simply moves the gatekeeper from Google to a handful of OEM’s who won’t let you use anything other than their blessed OS’s.
Has the GrapheneOS team ever, once, been supportive of ANY other custom ROM initiative? I ask this as someone with both a GOS Pixel10 and a FairPhone 6 running /e/ on my desk this week.
For as good as their security approach is, their constant shit talking of others also making efforts to free us from big tech helps no-one.
Oh the irony of using the phrase “blessed OS’s” coming from the GOS camp.
I’d say if you have more alternative gatekeepers, that means you have more options and that gives the user more power (to choose).
Or we can back an option without a gatekeeper…
sure we can, the only question is who’s legally liable if things go wrong
Furthermore, a peer review process is planned, through which the consortium members will mutually check and certify their operating systems and smartphone or tablet models. “This is intended to create transparency and replace trust with traceability.”
Still doesn’t sound very open.
I should be able to tell my bank to only trust devices running an OS signed by the grapheneos key, and more importantly I should be able to tell them to trust an OS signed by my key.
Edit: I don’t mean to shit on this too hard. It might be the best next step.
It is kinda insane though that we’ve had public/private keys since the internet started walking and somehow we end up with all these over-complicated or pointless ways to use them.
