
To be precise, there's an Android API called Play Integrity that defines a device's integrity. This integrity can be STRONG, DEVICE, BASIC, and no integrity.

GrapheneOS can only pass a check for BASIC integrity. It cannot pass a check for DEVICE or STRONG integrity.

STRONG integrity is hardware-backed (think TPM) and is not spoofable. DEVICE integrity can be spoofed and there are tools to do it, if you root your device, but Graphene does not want to do this for various reasons. [1]

It is up to the developer of every app to choose to use this API or not, and to lock some or all of the features of their app behind this API.

GrapheneOS actually supports hardware integrity (the STRONG variant), but in a particular way. Every OS integrity API (including e.g. Secure Boot) is based on a list of master keys that are installed with every computer. Users that want to install custom operating systems that are not signed by a major company will have to enroll their own keys into the Secure Boot system.

Hardware integrity also requires root keys, and those are owned by Google. But the API is actually general enough to allow both a "Verified" (signed by a root Google key) and "SelfSigned" custom keys. GrapheneOS provides a guide [2] that describes how to adapt the hardware integrity checks to accept either a Verified key or a SelfSigned key from a list of keys from GrapheneOS.

There is no reason why app developers should not accept operating systems signed by GrapheneOS just like those signed by Google, for the simple reason that it provides the exact same anti-tamper protection.

Note that all this anti-tamper protection is, in the end, an effort to protect users from others hacking their devices and gaining access to their apps. These measures do not help companies per se, since user commands should ALWAYS be verified server-side.

[1]: "they use fingerprinting techniques such as GPU fingerprinting and send along that data, which enables detecting and banning spoofing. It is NOT practical to pretend to pass these checks. It is only possible in the short term at a small scale. It will get banned and stop working."

[2]: https://grapheneos.org/articles/attestation-compatibility-gu...
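
Added example, not part of the comment above or of the GrapheneOS guide: a server-side policy that accepts either a Verified boot state or a SelfSigned one whose boot key is on an allowlist. It assumes the attestation certificate chain has already been validated and the RootOfTrust fields parsed out of it; the class and function names are hypothetical and the allowlisted key value is a constructed placeholder.

```python
from dataclasses import dataclass
from enum import IntEnum


class VerifiedBootState(IntEnum):  # values from the Android key attestation schema
    VERIFIED = 0
    SELF_SIGNED = 1
    UNVERIFIED = 2
    FAILED = 3


class SecurityLevel(IntEnum):  # attestationSecurityLevel in the same schema
    SOFTWARE = 0
    TRUSTED_ENVIRONMENT = 1
    STRONGBOX = 2


@dataclass(frozen=True)
class RootOfTrust:  # hypothetical container for the parsed fields
    verified_boot_key: bytes
    device_locked: bool
    verified_boot_state: VerifiedBootState


# Constructed placeholder, NOT a real GrapheneOS value. Populate from the
# key list published in the guide referenced as [2].
ALLOWED_SELF_SIGNED_KEYS = frozenset({bytes.fromhex("aa" * 32)})


def evaluate(level, rot, allowed=ALLOWED_SELF_SIGNED_KEYS):
    """Return (accepted, reason) for an already-validated attestation."""
    if level == SecurityLevel.SOFTWARE:
        return False, "attestation is not hardware-backed"
    if not rot.device_locked:
        return False, "bootloader is unlocked"
    if rot.verified_boot_state == VerifiedBootState.VERIFIED:
        return True, "OS signed by the factory root of trust"
    if rot.verified_boot_state == VerifiedBootState.SELF_SIGNED:
        # A user-enrolled key is trusted only if it is one we chose to trust.
        if rot.verified_boot_key in allowed:
            return True, "allowlisted self-signed OS key"
        return False, "self-signed OS key is not on the allowlist"
    return False, "verified boot state is unverified or failed"
```
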



>Note that all this anti-tamper protection is, in the end, an effort to protect users from others hacking their devices and gaining access to their apps. These measures do not help companies per se, since user commands should ALWAYS be verified server-side.

This is the stated reason, but the behavior of it is anything but: if they really cared, they would fail massively outdated versions of Android that have critical remotely exploitable vulnerabilities, but they do not. It is also much easier to tamper with a ROM slightly and have a version that passes these checks, compared to having a secure, up-to-date, maintainable ROM that passes.



