Installing an alternative ROM on an Android phone is still perfectly possible, and there is an active community that has been developing systems based on the Android open source project for years. However, that technical freedom does not always translate into the same user experience that a phone with Google services offers. The contrast becomes especially visible when sensitive applications come into play, such as banking, payments or digital identity, which often rely on verification mechanisms to evaluate the environment in which they run. This practical difference is the starting point of an initiative promoted by several European companies that seeks to offer another way to check these devices within the Android ecosystem.
The advertisement. The novelty that explains this movement is the announcement of Unified Attestationan initiative promoted by the German manufacturer Volla together with other companies, such as Murena, iodé and Apostrophy. according to heisethese companies have launched a consortium to develop a system that allows verifying the integrity of Android devices without necessarily depending on Google services. The project is proposed as an open alternative to Google Play Integritythe interface that many applications use today to evaluate whether a device meets certain conditions before allowing certain functions or access.
How a part of Android works today. Play Integrity allows applications to request information about the environment in which they are running and receive signals that help assess risks, detect tampering, or check whether the device meets certain integrity conditions. This information does not alone decide whether an app can work or not, but it does serve as a basis for developers to determine how to react. In practice, many applications that handle sensitive data use this type of verification as part of their protection systems.
What the project promoters are looking for. As Volla explained In announcing the consortium, one of the goals of Unified Attestation is to offer a verification mechanism that is not controlled by a single company. From that perspective, the project is presented as a step towards greater autonomy for manufacturers, developers and systems based on the Android Open Source Project. The idea, in the words of its promoters, is to create a transparent and verifiable procedure that allows the integrity of a system to be verified without relying exclusively on Google’s infrastructure.
The real challenge. Presenting a technical alternative is only part of the journey. For a system like the one proposed by this consortium to have real impact, it would have to be accepted by the services that today use verification mechanisms to protect their applications. In this scenario, the challenge is not only to develop the technology, but to convince these actors that the new procedure offers sufficient guarantees to integrate it into their systems.
Not everyone agrees. Although the project tries to offer a different way to verify the integrity of these systems, not all actors in that environment see the proposal in the same way. GrapheneOS, a ROM known for its focus on privacy, security and freedom, reacted publicly after the announcement and expressed his disagreement with the initiative. He argued that the new system would not solve the structural problems associated with this type of verification and asked developers who prioritize those principles not to adopt it.
There is intention, there is no action. If the project goes ahead, it could allow mobile phones based on alternative ROMs to have more options to be accepted by applications that today apply strict integrity controls. For now, however, it is a proposal in development whose path will depend both on its technical evolution and on the trust it manages to generate among the services that should adopt it.
Images | Jonas Leupe
In Xataka | I have used my Android mobile as a PC thanks to desktop mode. It is a fantastic option
GIPHY App Key not set. Please check settings