captchas

One of the conversations of the weekend was carried out by important developers, such as those from GrapheneOS. Google’s new security measures related to website access are beginning to be implemented in 2026 and, as a result, both custom ROMs and operating systems without Google presence have it tough. Google Cloud Fraud. If someone is okay with traffic light captchas as a security measure, I would tell you that they are not trustworthy. Google was also clear that they were not always ideal, so it developed an alternative solution, the evolution of reCAPTCHA. When the system detects suspicious traffic, it does not use the captcha system, it asks the user to scan a QR code with their smartphone. According to Googleis the best way to fight against bots and unwanted agents, protecting against attacks and possible fraud. But everything has a B side. The problem. The problem is that, for this security measure to work on Android, it is mandatory that the device has Google Play Services installed in a recent version. One of the key points of custom ROMs like GrapheneOS It is precisely that they are systems based on Open Source Android, but without Google services. Google Play Services is Google’s proprietary software layer that runs on certified Androids and provides, among other things, the APIs that verify that a device is approved by Google. Without them, it is not possible to satisfy the requests of the Play Integrity API, which is responsible for approving web access. The GrapheneOS case. GrapheneOS is one of the most secure ROMs in the world, one that has earned its reputation thanks to additional layers built on AOSP and, above all, by not having Google services or needing them for its operation. The GrapheneOS team argues that this has nothing to do with security. They claim that Play Integrity API rejects GrapheneOS and other systems even though it is technically more secure than most devices that do pass verification. Google’s Play Integrity API allows devices without security patches for years but updated to Play Services, but blocks the use of GrapheneOS even though it is much more technically secure. Mega’s entrance. After the complaint not only from Graphene, but from Cyber ​​DigestMega has come in to criticize the measure. Remember that in 2023 an attempt was made to do something similar with Web Environment Integrity (WEI). This was a proposal that Google had to abandon after criticism. That year, Google tried to put in place a mechanism that would allow websites to check whether the software and hardware on a user’s device was verified by Google. The logic was the same as now: if your settings did not conform to what Google considered acceptable, access was blocked. The proposal generated such widespread rejection among developers, web standards organizations and users that Google had to withdraw it. And now what. The relevant question is not whether or not Google is entitled to do this, because it is. The question is what happens when the de facto standard for online verification is controlled by the same company that sells the hardware and software necessary to surpass it. In Xataka | There is a race to get the first phone with 100% free software: so far there has only been failure