I feel like a huge aspect that this article and the GrapheneOS developers are overlooking is DRM content.
They’re focusing on user security for a user’s own data, but there’s a whole other side to it with companies wanting to protect their own data - think Netflix and the like who use the same systems to ensure that nobody’s been tampering with the device as a way of bypassing the copy protection of their media.
Now I’m not saying I support DRM at all, I’m very firmly in the camp of being able to own the media you purchase without restriction, but my point is that it’s not as simple as Google being dismissive, lazy or ignorant but rather there’s a lot of commercial sensitivity at play and if Google fucks it up, they could potentially lose certification of the entire Android ecosystem.
GrapheneOS specifically is probably fine when it comes to DRM. They sign their builds with keys that only they possess, so any custom forks would not get the advantages running an official version of GrapheneOS would gain if they were to pass the hardware verification API.
News outlets like to group projects like GrapheneOS and LineageOS together as “custom ROMs”, but GrapheneOS is much more than that. And in all honesty, some of the stuff LineageOS pulls to get their software working on some models shouldn’t be passing any checks. The projects released on forums like XDA are particularly bad, some of those will even disable Android’s security sandbox altogether because it’s hard to make that work as intended.
Obviously, custom ROMs should not be trusted by apps where hardware security is essential. However, in cases like GrapheneOS, it’s hard to defend putting hashes of old, abandoned firmware with dozens of kernel exploits on the whitelist, but refusing to put GrapheneOS on there as well. Especially as GrapheneOS is more secure than Google’s own ROM, according to forensic hacking company Cellebrite, which can’t hack Google’s phones with Graphene but can get in with Google’s original software.
I don’t think what GrapheneOS wants is to be able to spoof or bypass Play Integrity; they just wanna be able to implement it as well, just like OEMs do, so if someone tampers with the system in Graphene as well, Play Integrity should blow off and DRM content will be safe.
could potentially lose certification of the entire android ecosystem
Certification by whom?
The Netflix app is older (2011) than SafetyNet (2014?). Google probably didn’t need to provide remote attestation, but making non-Google Android unusable for most people is good for their bottom line.
Netflix being older is hardly relevant to this discussion.
Maybe you’re unaware, but the higher quality streams are only available on devices Netflix has certified. You can still use Netflix on GrapheneOS but you won’t get that quality, it’ll be downgraded.
This is a common problem for cheaper Chinese devices as well.
What would have happened if Google never created an attestation system for Android? Would Netflix give up such a large market?
Netflix can downgrade Chinese phones that aren’t common in the west and third-party ROMs because those represent a tiny fraction of their potential customer base. I doubt they’d be inclined to do so for all of Android.
It’s one thing to place limits on a few Chinese phones that have low market share outside China (Netflix is not available inside China), but only offering low-quality streams on the world’s most popular smartphone OS would surely have a significant impact on subscription numbers. Netflix may have even signed contracts with content providers requiring them to meet certain DRM standards.
I believe the situation would be different if Google hadn’t built a remote attestation system for Android. Netflix might have had to renegotiate a contract or two, but underserving a huge fraction of the market isn’t viable long-term.
Who said anything about Netflix giving up a market, they just offer a worse service. But hey, iPhones offer a premium service, right?
Graphene already supports Widevine L1 without Play Integrity. It has nothing to do with DRM, it’s a separate system.