It seems Google has inadvertently stirred the proverbial Android hornet’s nest, and the buzzing isn’t dying down anytime soon. A growing petition demanding Google stop limiting the use of custom ROMs through its controversial Play Integrity API is making waves, collecting thousands of signatures in mere hours. Frustrated Android enthusiasts argue that Google’s latest move against leaked attestation keys is a power play that targets the very essence of Android’s famed openness: user freedom.

At the center of the controversy are leaked factory attestation keys — security keys designed to verify the integrity of Android devices. These leaked keys allow devices with unlocked bootloaders to pass Google’s Play Integrity checks, essentially masquerading as unmodified, secure devices. This trickery enables users running custom ROMs to access apps like Google Wallet and Samsung Pay as well as features like RCS, which are typically off-limits to rooted or modified devices.

In response, Google is revoking these compromised keys to prevent further misuse. But here’s the kicker: the fallout won’t just hit the hackers. According to Android expert Mishaal Rahman, ordinary users could find themselves locked out of critical apps if their device happens to rely on one of these revoked keys. Google claims it’s working with OEMs to update affected keyboxes, but the damage may already be done for many.

Enter the petition on Change.org, rallying Android enthusiasts to demand an end to Google’s increasing control over custom ROMs. Over 3,700 signatures (as of this writing) have poured in since the petition launched hours ago, with numbers climbing steadily. The petition’s creators are calling out Google for what they see as monopolistic practices that prioritize ecosystem control over genuine user security.

Petitioners aren’t just venting; they’re offering alternatives. One popular suggestion? A Play Integrity app that lets users decide their desired security level, complete with warnings about potential risks. Others propose a neutral, nonprofit authority to handle security certification — taking the reins away from Google entirely. Heck, another group is even threatening legal action if Google doesn’t extend custom ROM support.

This isn’t the first time Android modders have felt the heat. From complaints about Google’s silent blocking of RCS on rooted phones to the end of the AOSP Dialer and Messages app, the tech giant has been tightening its grip on what it considers “acceptable” Android behavior. Critics argue that these moves, masked as security measures, are really about enforcing ecosystem loyalty.

Those using Graphene OS, a privacy-focused custom ROM, and the team behind it have been vocal about the issue too especially after losing access to Authy. Despite its robust security measures, it fails Play Integrity checks because it doesn’t carry Google’s official stamp of approval. This, say many, is a clear sign that Play Integrity isn’t about user safety — it’s about control. Here’s a thread by the Graphene OS team on Mastodon that dives deeper into this issue.

View on Mastodon

A call to the EU

While the petition is gaining traction, some skeptics doubt that Change.org alone will catch Google’s attention. Many suggest taking the fight to the European Union through a formal European Citizens’ Initiative, which could force the EU to consider legislative action. Given the EU’s recent focus on reigning in tech giants like Google and Apple, this route could add serious weight to the cause.

There’s also chatter about escalating the issue under consumer protection laws, emphasizing that Play Integrity effectively creates programmed obsolescence by sidelining modified or older devices that are no longer receiving software updates from manufacturers. Proponents are collecting evidence to prove Google’s monopolistic tendencies, aiming to build a case that regulators can’t ignore.

The real irony, according to critics, is that Play Integrity offers little actual security. Malware and exploits don’t necessarily require root access, meaning even locked devices are vulnerable. Instead of safeguarding users, Play Integrity serves as a gatekeeper, punishing modders and shrinking the Android ecosystem’s famed diversity.

What happens next?

Whether this growing uproar will move Google remains to be seen. But it’s clear that Android enthusiasts aren’t going down without a fight. From petitions and legal challenges to fiery forums and social media debates, the community is rallying around the belief that Android should remain a platform for everyone — not just those who play by Google’s increasingly restrictive rules.

Hillary Keverenge
446 Posts

Tech junkie. Gadget whisperer. Firmware fighter. I'm here to share my love-hate relationship with technology, one unboxing at a time.

Comments

Diego23-11-2024

Hey Google, stop it!

Dylan Gregori Singer (symmetricalboy)23-11-2024

Hey! So Happy to see this article!! Thanks for covering it! To those skeptical and critical of the petition, I myself said the same... until I began chatting with the author. He is just your average 17 year old student from small-town Italy, who has inspired an international coalition of thousands of android enthusiasts to petition lawmakers for changes to android's foundation, and the future of open source software. The conversation in the group associated with the petition has rapidly evolved well beyond the initial drafting of a cry to the EU for attention to the matter; I went from skeptical of his grasp of the issue, to a board member for what is now the Android Integrity Alliance, soon to file as a non-profit internationally, with a core team of lawyers, developers, designers, hackers, and enthusiasts, rapidly moving behind the scenes in an attempt to take this momentum somewhere bigger. We don't have a big expectation that the EU will do much. But the eyes drawn to the issue are speaking volumes about what Play Integrity is actually doing. We invite developers and fans alike to join the conversation with us, as we attempt to protect AOSP from being entirely reliant of Play Services to function. This is about fighting for the open source mission that is the core of Android. We can do better than Play Integrity to protect developers' published works. We can do better for users. Please visit AndIntAlliance Telegram account for the latest!

Follow Us