Stop Google from limiting access to Custom ROMS

[t3chg33k]

Stop Google from limiting access to Custom ROMS via Play Integrity.

This petition might interest you. We are fighting against Google's monopoly with Play Integrity that essentially blocks users with a custom operating system from accessing certain functionalities and applications. The European Commission is already aware of the situation, but judged it as low priority: https://www.europarl.europa.eu/doceo/document/PETI-CM-757267_EN.pdf It's time for us to unite and show Google and EU how much we care about this issue.

Petition here: https://www.change.org/p/stop-google-from-limiting-custom-roms
Credits - Reddit

Why do people start these petitions on change.org and expect multinational corporations to do anything but laugh at them? I don't think any government has taken these internet petitions seriously. At most, it brings people with a cause together but doesn't enforce any effective change. On top of that change.org itself has been making money from advertising and selling personal information, so I suppose this makes them the winners?

Using official petition forums where available makes more sense. The EU has one related to parliament discussion which I suppose was used for the original discussion and a change.org peition will do nothing exactly.

On point, I think most users will simply not care if they get regular security and OS updates for 7 years. The locked bootloader also makes life easier for Google in terms of support.

I have a Mi device and none of the custom ROMs have ever been stable or regularly updated, mostly because most experienced developers have moved on. It will end up like the iOS jail breaking community mostly with few hanging on because of "my device, my choice" but the world will move on.

Can you explain why locking boot loader can brick the phone? Running grapheneos as well so didn't have to worry about it but curious to know how is it for other ROMs. Can't remember if I locked my old phone after installing one.

On Pixel devices, it is still possible to self-sign and lock the bootloader which is what GrapheneOS does. On other devices, this is not supported. If the official bootloader is locked, it looks for official signed binaries which of course it cannot find if you modified the image.

 

[Renegade]

Even without root, many banking apps will break if you install in on a custom rom without verified boot.

All enterprise apps go through a third party vulnerability and penetration test through a third party. One of the key finding and recommendation on that report is to implement multi layer root detection. It is also part of OWASP mobile recommendation.

After it is detected that the device is rooted, it is upto the app product owners/security team to decide which functionalities to allow and which to block. Give a warning, allow limited functionality, block the app usage, monitor activity etc.

So naturally all banking apps will not function normally on rooted devices because all banking systems also have to follow the standard guidelines set out by the RBI.

On point, I think most users will simply not care if they get regular security and OS updates for 7 years. The locked bootloader also makes life easier for Google in terms of support.

I have a Mi device and none of the custom ROMs have ever been stable or regularly updated, mostly because most experienced developers have moved on. It will end up like the iOS jail breaking community mostly with few hanging on because of "my device, my choice" but the world will move on.

Exactly, this whole thing started because there was at max one version update from the fragmented device manufacturers for the Android phones. Everyone wanted the security patches and latest features. Plus it was fun and exhilarating.

What was the motivation for the developers to create and support these custom ROMs? Same fun and exhilarating? Add to resume?

 

[Dhanush]

So far, I've been using a custom ROM for over a year without any problems. The bank applications are functioning despite not being rooted using the official Lineage OS.
Higher benchmark scores compared to my stock ROM.
As famous quote from the Movie Who am I "There's always a way in" So I don't bother what the Google is doing and implementing.

 

[lockhrt999]

What was the motivation for the developers to create and support these custom ROMs?

These developers think they are special, and they can change the world by rebelling against big corps with a few lines of code. All these developers are college going teenagers.

Source: I was a teenager once.

 

[intruderfps]

All enterprise apps go through a third party vulnerability and penetration test through a third party. One of the key finding and recommendation on that report is to implement multi layer root detection. It is also part of OWASP mobile recommendation.

After it is detected that the device is rooted, it is upto the app product owners/security team to decide which functionalities to allow and which to block. Give a warning, allow limited functionality, block the app usage, monitor activity etc.

So naturally all banking apps will not function normally on rooted devices because all banking systems also have to follow the standard guidelines set out by the RBI.....

That is a legitimate reason for apps to check the security of device, esp. enterprise level apps.
All I am saying is Play Integrity does not actually test the security of device, just whether it has been tampered with or not. Even if the OS is years behind in terms of important security updates, play integrity will happily report everything is good with the device when in reality it is not the case.

...
What was the motivation for the developers to create and support these custom ROMs? Same fun and exhilarating? Add to resume?

When I compiled my first android OS from source in july 2013, it was a Slim ROM (iirc) for Sony Ericsson Live with Walkman device. It was a fun test to check my capability into developing ROMs as I was not satisfied with the available options.
My main motivation into development was to find and implement ways to make my own build for ROMs I liked with my own security and privacy related imprvements. But no one was interested in security back then, even the first public release I did for the ROM was a complete mess but still got a lot of positive responses like better SOT (lol). Very quickly I realized, there's not a lot that can be done about security and privacy with the stuff available at that time and I abandoned the project. Other projects from other developers also didn't interest me much as none I found for my device was experienced.

A few years later was the era of google phones which were/are the only android devices which are very competetive to Apple devices security-wise. I quickly hopped on to it and actually found a lot of talented developers dedicatedly working on improving things. For other "common" devices, all I could find are some inexperienced developers compiling some remix ROM with 1000+ features and very unstable (like I used to do).

Features in custom ROMs are cool, but after some time away from them I realized I was not actually missing them and for my personal use case, stability, security and privacy matters in the long run.

 

[nRiTeCh]

I was an avid fan and a core user of custom roms but completely left flashing them since last year as even if the rom is clean, the banking apps and Microsoft authenticator etc. would still detect the device as rooted even though the device is clean/ non-rooted/nor the bl unlocked! Its too much of a hassle these days as google/apps got all the algorithms to detect even a minor hole in the system or throw it as a false alarm which triggers the alert! Hence you are restricted to use such apps. Gpay work fine though!