- Apps using Play Integrity checks may refuse to run on custom ROMs like GrapheneOS.
- Some voices at Google are open to developing a certification program for custom ROMs, but there are just not enough people using them for it to be worth it.
Android’s openness as a platform is a bit of a double-edged sword. On one hand, that empowers users to explore apps from sources outside the Play Store, and even experiment with custom ROMs. But that also leaves developers of security-minded apps in a tricky position, as they don’t know if they can trust what other apps or even the operating system itself is communicating. That’s led to the development of frameworks like Play Integrity, an API that devs can use to ensure their apps are only running on “genuine” Android devices. But as more apps start enforcing Play Integrity checks, that’s causing some serious headaches for modders in the custom ROM community.
The idea of Play Integrity causing headaches for anyone running anything particularly custom is hardly new, and earlier this year we saw Google using the API to block access to sending RCS messages on custom ROMs — supposedly an effort to prevent spammers from sending automated texts. The most recent issue to surface concerns the multi-factor authentication app Authy, which (fresh off an embarrassing hack) just started enforcing Play Integrity checks, leading to reports of broken operation on GrapheneOS.