Petition to stop Google from limiting custom ROMs over leaked keyboxes gains 3,700+ signatures in hours

It seems Google has inadvertently stirred the proverbial Android hornet’s nest, and the buzzing isn’t dying down anytime soon. A growing petition demanding Google stop limiting the use of custom ROMs through its controversial Play Integrity API is making waves, collecting thousands of signatures in mere hours. Frustrated Android enthusiasts argue that Google’s latest move against leaked attestation keys is a power play that targets the very essence of Android’s famed openness: user freedom.

At the center of the controversy are leaked factory attestation keys — security keys designed to verify the integrity of Android devices. These leaked keys allow devices with unlocked bootloaders to pass Google’s Play Integrity checks, essentially masquerading as unmodified, secure devices. This trickery enables users running custom ROMs to access apps like Google Wallet and Samsung Pay as well as features like RCS, which are typically off-limits to rooted or modified devices.

In response, Google is revoking these compromised keys to prevent further misuse. But here’s the kicker: the fallout won’t just hit the hackers. According to Android expert Mishaal Rahman, ordinary users could find themselves locked out of critical apps if their device happens to rely on one of these revoked keys. Google claims it’s working with OEMs to update affected keyboxes, but the damage may already be done for many.

Enter the petition on Change.org, rallying Android enthusiasts to demand an end to Google’s increasing control over custom ROMs. Over 3,700 signatures (as of this writing) have poured in since the petition launched hours ago, with numbers climbing steadily. The petition’s creators are calling out Google for what they see as monopolistic practices that prioritize ecosystem control over genuine user security.

Petitioners aren’t just venting; they’re offering alternatives. One popular suggestion? A Play Integrity app that lets users decide their desired security level, complete with warnings about potential risks. Others propose a neutral, nonprofit authority to handle security certification — taking the reins away from Google entirely. Heck, another group is even threatening legal action if Google doesn’t extend custom ROM support.

This isn’t the first time Android modders have felt the heat. From complaints about Google’s silent blocking of RCS on rooted phones to the end of the AOSP Dialer and Messages app, the tech giant has been tightening its grip on what it considers “acceptable” Android behavior. Critics argue that these moves, masked as security measures, are really about enforcing ecosystem loyalty.

Those using Graphene OS, a privacy-focused custom ROM, and the team behind it have been vocal about the issue too especially after losing access to Authy. Despite its robust security measures, it fails Play Integrity checks because it doesn’t carry Google’s official stamp of approval. This, say many, is a clear sign that Play Integrity isn’t about user safety — it’s about control. Here’s a thread by the Graphene OS team on Mastodon that dives deeper into this issue.

Post by @[email protected]

View on Mastodon

While the petition is gaining traction, some skeptics doubt that Change.org alone will catch Google’s attention. Many suggest taking the fight to the European Union through a formal European Citizens’ Initiative, which could force the EU to consider legislative action. Given the EU’s recent focus on reigning in tech giants like Google and Apple, this route could add serious weight to the cause.

There’s also chatter about escalating the issue under consumer protection laws, emphasizing that Play Integrity effectively creates programmed obsolescence by sidelining modified or older devices that are no longer receiving software updates from manufacturers. Proponents are collecting evidence to prove Google’s monopolistic tendencies, aiming to build a case that regulators can’t ignore.

The real irony, according to critics, is that Play Integrity offers little actual security. Malware and exploits don’t necessarily require root access, meaning even locked devices are vulnerable. Instead of safeguarding users, Play Integrity serves as a gatekeeper, punishing modders and shrinking the Android ecosystem’s famed diversity.

Whether this growing uproar will move Google remains to be seen. But it’s clear that Android enthusiasts aren’t going down without a fight. From petitions and legal challenges to fiery forums and social media debates, the community is rallying around the belief that Android should remain a platform for everyone — not just those who play by Google’s increasingly restrictive rules.