Security is a central concern across today’s wider digital ecosystem. Apps, banking, payments, and sensitive data all require strong protection, and Google has invested heavily in mechanisms like Play Integrity, SafetyNet, and deeper system-level scanning to prevent tampering and protect both users and developers. The trade-off is that these measures also restrict user freedom.
Broadly, there are two possible strategies: User autonomy model — Educate users on risks, allow full control, and let them decide how to configure and use their devices. Security enforcement model — Implement strong, mandatory protections that cannot be easily circumvented, even by advanced users.
Google has clearly committed to the locked-down model, prioritizing security and fraud prevention even when it reduces user autonomy.
On GrapheneOS, an unlocked bootloader or persistent root breaks verified boot, bypasses the app sandbox, and fails integrity checks. That weakens OS‑level protections and can cause secure apps to block or restrict features. GrapheneOS’s hardening is real but it assumes a locked bootloader and no root.
A more balanced path is technically possible. Sandboxed Play Services on GrapheneOS is real and lets many apps use Google APIs without granting system privileges, but it doesn’t change who controls attestation. Play Integrity remains Google’s gatekeeper, and there’s no public program for alternative ROMs to “pass” based on published criteria. What could work, but doesn’t exist yet, is an open, criteria‑based attestation scheme where any OS that meets transparent, auditable standards is recognized. That would keep banking and payments secure without killing ROM viability. Technically it’s doable; practically it’s unlikely without regulatory pressure or strong market demand because tight GMS integration benefits Google and most developers prefer a single attestation provider. Without regulatory pressure—something like the EU’s Digital Markets Act—or strong market demand from privacy-focused vendors, it’s unlikely Google will move in this direction on its own. But technically, it’s entirely doable.
AOSP is pretty much “look, but don’t use” kind of shit without the extensive modifications that is made by the LineageOS and that work is then forked by other projects.
With the newer OneUI 8, Samsung has blocked unlocking and as of yesterday, the ColorOs variants of OnePlus needs the deepest tool to query their servers for permission to unlock.
There’s more and more proprietary stuff than before with basically everyone including Soc manufacturers, OEMs and governments against free opensource OS.
I maintain a lot of realme devices and here’s my github
Is there any way to unlock bootloader for realme without that deeptest app?
I have old realme 3 and want to unlock bootloader, but getting “this phone model does not support in-depth test”. Searched forums but didn’t found any.
Like redmi devices can be unlocked with third party tool without waiting for 7 days to unlock in official way.
You are looking at older devices where it was possible to bypass bootloader unlocking wait period on Xiaomi devices. They have gone the opposite direction now and make it difficult to unlock officially, with unofficial unlocking methods being disabled.
They completely closed off their bootloader unlocking, atleast globally. If you can install Chinese ROM somehow, you can try the deepest app and you might get lucky. I’m unsure if it’s still open for Chinese realme devices.
It doesn’t work on all Mediatek SoCs. I used this with my e-reader and it generally works with older Mediatek ones which have several bootloader vulnerabilities. They started patching those later on when they were used in more devices globally and Mediatek was called out for very poor security implementation.
He worked at Apple incidentally when actively developing Magisk. Considering he works on Android security now, this is his main job but also kind of ironic he is maintaining the primary tool to break it. Suppose it won’t last long though with Google also locking down Pixel phones in the future.
Looks like citizen privacy will cease to exist in coming future, policies of all world govts. are showing that tendency.
For eg., EU is proposing a new mass surveillance law and they are asking the public for feedback. All internet will have govt.’s spying loophole as per this.
In India, see what the new Income Tax law policies which give permission to read everything about individuals.
Australia too ?
