Stop Google from limiting access to Custom ROMS

Futureized

High-Frequency
Innovator
Stop Google from limiting access to Custom ROMS via Play Integrity.

This petition might interest you. We are fighting against Google's monopoly with Play Integrity that essentially blocks users with a custom operating system from accessing certain functionalities and applications. The European Commission is already aware of the situation, but judged it as low priority: https://www.europarl.europa.eu/doceo/document/PETI-CM-757267_EN.pdf It's time for us to unite and show Google and EU how much we care about this issue.

Petition here: https://www.change.org/p/stop-google-from-limiting-custom-roms
Credits - Reddit
 
Nexus 4 introduced me to custom
ROMs and enjoyed every day of my Nexus4, OnePlus One and 3T. You could unlock like 100+ features which made small tasks soo much better. Paranoid Android will always have a special place in my heart.
 
Honestly even if the petition passes google has been moving functionality out of AOSP into closed-source google apps.
Even basic stuff like calendar and messages is now closed source and custom rom developers have to create their own which already discourages their development.
 
I am not into Android so I am not aware about what is happening in android world but it seems Google is making android more restrictive day by day.
Just yesterday, on my samsung Tab A7, I wanted to move apps and its data to SD card and there was no direct way to do it without enabling developer options and enabling the force move feature.
Additionally, I am not allowed access the /Android/data folder directly on device. None of the jugaad methods are working too. I found some method which was telling me to download something that mimics tablet being connected to PC to enable access. This too didn't work.
 
I am not allowed access the /Android/data folder directly on device.
This got implemented in Android 8.1 or something. Now it's A15. If you connect a data cable to the phone it asks for password if you try doing data transfer. If you remove sim card from phone, phone will reboot. All new security features in case phone gets stolen. There's a new message on my pixel now after booting up - "Unlock for data and internet".
 
  • Like
Reactions: Futureized
I am not into Android so I am not aware about what is happening in android world but it seems Google is making android more restrictive day by day.
Just yesterday, on my samsung Tab A7, I wanted to move apps and its data to SD card and there was no direct way to do it without enabling developer options and enabling the force move feature.
Additionally, I am not allowed access the /Android/data folder directly on device. None of the jugaad methods are working too. I found some method which was telling me to download something that mimics tablet being connected to PC to enable access. This too didn't work.
There is a workaround for the Android/data access. Use Material Files from F-Droid.
 
Honestly even if the petition passes google has been moving functionality out of AOSP into closed-source google apps.
Even basic stuff like calendar and messages is now closed source and custom rom developers have to create their own which already discourages their development.
Google is just taking control of as much as possible.

I still remember the words from Alta Vista or Lycos lead developer two decades ago..
(Google) Wolf was allowed to enter the hen house (other search engines) and its continued till day.
There is a workaround for the Android/data access. Use Material Files from F-Droid.
Not everyone can easily configure F-Droid to work for them.
 
Google is just taking control of as much as possible.

I still remember the words from Alta Vista or Lycos lead developer two decades ago..
(Google) Wolf was allowed to enter the hen house (other search engines) and its continued till day.

Not everyone can easily configure F-Droid to work for them.
It can be directly sideloaded without the F-Droid client from the website or github.
 
Installing Custom ROM isn't difficult. However, using a Custom ROM on an actively used device, which serves as a daily driver, is getting quite difficult.
Most of the apps issue warnings or refuse to work. Installing Magisk is a temporary solution.
Google is obviously against Custom ROMs as it unlocks a TON of new features and significantly extends the life of older devices.
 
So far Google has blocked gPay on custom ROMs.
Which devices ?
Most of the apps issue warnings or refuse to work. Installing Magisk is a temporary solution.
With rooted mobile, many banking/financial apps break (wont work) hence had to switch to stock roms from last few years.
Most banking apps are broken on non-official ROMs and root.
What devices specifically ?
I am using Xiaomi and stopped custom roms
 
Devices don't matter much if you have a custom rom. Exception is some devices using verified boot with custom roms.

Even without root, many banking apps will break if you install in on a custom rom without verified boot.
 
The whole concept of play integrity is flawed imo. I mean sure it's a pretty good reason for apps to check the security of devices before working esp. banking apps. But play integrity is basically a google monopoly. It's not really checking the security of devices, instead whether device is google supported or not.

It's also understandable than almost 99% of custom ROMs have weak security than the stock OS. Features yeah but security no. Stock OS itself is not very secure as there's not a lot of frequent updates to it by device manufacturers. This is where a real security validation should be done by checking the device for last update, vulnerabilities etc., not by whether it's google supported or not.

I, myself am not concerned with banking apps as they usually have netbanking I can access via secure browser. It's the apps which don't have other alternatives are a concern for me. But it's still a long way to go before everything needs play integrity and by then no other choice but to give in to monopoly.

Definitely not signing this petition as it is a pure misconception rather than actually enforcing a security model.
 
  • Like
Reactions: Futureized
Devices don't matter much if you have a custom rom. Exception is some devices using verified boot with custom roms.

Even without root, many banking apps will break if you install in on a custom rom without verified boot.
Do all device manufacturers provide verified root ?
I was under impression only Xiaomi did (which took atleast 3 days)
 
Do all device manufacturers provide verified root ?
I was under impression only Xiaomi did (which took atleast 3 days)

Verified boot is basically a locked bootloader even if running an aftermarket OS. It has multiple states like "Verified" or "Self-Signed" if using custom AVB. Verified means a locker bootloader running verified OS.

In any case you should not attempt to lock bootloader if running custom ROM as you can brick it. That's why a lot of ROMs are running on unlocked bootloader which of course makes the entire device less secure.

Few ROMs (like grapheneOS I am running, divest OS etc.) allows to relock bootloader but it's for specific devices. Like graphene only supports pixels.
 
Verified boot is basically a locked bootloader even if running an aftermarket OS. It has multiple states like "Verified" or "Self-Signed" if using custom AVB. Verified means a locker bootloader running verified OS.

In any case you should not attempt to lock bootloader if running custom ROM as you can brick it. That's why a lot of ROMs are running on unlocked bootloader which of course makes the entire device less secure.

Few ROMs (like grapheneOS I am running, divest OS etc.) allows to relock bootloader but it's for specific devices. Like graphene only supports pixels.
Can you explain why locking boot loader can brick the phone? Running grapheneos as well so didn't have to worry about it but curious to know how is it for other ROMs. Can't remember if I locked my old phone after installing one.
 
Can you explain why locking boot loader can brick the phone? Running grapheneos as well so didn't have to worry about it but curious to know how is it for other ROMs. Can't remember if I locked my old phone after installing one.

Once the bootloader is locked, after powering up the phone, hashes of each partitions are verified against the OEM keys. If they don't match the phone won't boot. Custom keys are also possible, so you can apply them for a custom ROM but afaik not a lot of devices support it. Pixel does support signing and booting with custom keys.