this post was submitted on 07 Jun 2025

73 points (100.0% liked)

Privacy

38741 readers

952 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

[email protected]

What is the future of Google Play Intergrity APIs (and similar concepts)? Do you think we can find a way to bypass these, or is the future of the digital world just authoritarian and dystopian? (sh.itjust.works)

submitted 4 days ago by [email protected] to c/[email protected]

64 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] [email protected] 1 points 4 hours ago

I recently bought a phone from Volla that ships with ubuntu touch. Somewhat painful, but entirely possible to use. I also backed the liberux indiegogo for a more modern proper mainline linux phone again.

I'm just not using any google play and ios exclusive apps and services anymore. Yea it's painful but if you want to see an ecosystem outside of google play and ios, you have to buy and use it. Just be prepared to be the 0.1% that literally nobody cares about. Like when traveling I can follow my ICE train schedule on the Deutsche Bahn website, but it will log me out and delete my entire state after 15 minutes or so of inactivity. Or a couple of years ago I saw that uber had a web app and at some point wanted to order one for a group. turns out when trying to finish the order (which you can't dry run), I got a generic error and someone with the app had to order. After uber sent me 125 marketing mails after that, telling me to order discounted food with uber eats, I think I finally unsubscribed (I only didn't earlier out of morbid curiosity).

Personally I live by just not using this stuff is better than being like "oh I need waydroid to run android in a container and use the reverse engineered reimplementation of google play, and also need to fake some stuff to pass integrity checks etc. to use an E-Scooter".

[–] [email protected] 4 points 2 days ago

Google is banned in china so 1/6 of the world population can bypass it automatically. You need state power to deal with oppressive corpos.

[–] [email protected] 9 points 3 days ago

This might be a hot take but the best way to avoid or "bypass" onerous things like the "integrity API" is to opt out of the proprietary world as much as possible. Use exclusively free (Libre) software and technology where you can.

We should not be thinking in terms of how do we get proprietary crapware onto our free systems, because that defeats the purpose of a free system. The idea is to build an alternative to the proprietary world.

[–] [email protected] 7 points 3 days ago (1 children)

GrapheneOS is already working on it:

We're going to add a secure way of working around this without breaking the app source security model. We'll be adding support for having the OS automatically verify the Play Store signing metadata and then inform Play services those apps were installed from the Play Store.

https://grapheneos.social/@GrapheneOS/114554622772349562

[–] [email protected] 1 points 2 days ago

That's already released and only deals with recent changes. It doesn't fix apps using strong integrity challenges

[–] [email protected] 8 points 3 days ago (1 children)

Do you think we can find a way to bypass these,

Yes. Direct physical access always wins. A device in my hands is my device.

or is the future of the digital world just authoritarian and dystopian?

Yes. Many people aren't going to explore the solutions, or be willing to give up the convenience that comes with not changing what they're doing.

[–] [email protected] 2 points 3 days ago (1 children)

A device in my hands is my device.

Could you then please help root the Meta Quest 3? So far I believe nobody managed.

[–] [email protected] 7 points 3 days ago (1 children)

We're a decade too early for open source vr.

That's not a VR headset, You bought an expensive Facebook paperweight.

[–] [email protected] 0 points 2 days ago* (last edited 2 days ago) (1 children)

Edit for TL;DR as this became lengthy : agreed, do NOT buy "an expensive Facebook paperweight" but also, open source VR exists today! Depending on your definition and needs, there is a lot that can be done and you can help.

Rooting isn't open source...

Anyway Valve Index runs perfectly on Linux, that's how I finished Half-life: Alyx. I also do already have a rooted Lynx XR1 and a Project NorthStar which is open hardware (even though not OSHW iirc).

There are also :

open source runtimes for OpenXR like Monado,
runtime managers or switches e.g. xr-chooser or openxr-explorer
window managers (ish) like xrdesktop or Stardust XR
browser like Wolvic (with Gecko and now Chromium backend) with cross-platform supports with WebXR
streaming from desktop to standalone HMDs e.g. WiVRn or ALVR
some distributions have dedicated documentation e.g. NixOS for desktop and PostMarketsOS mobile
plenty of tools that run on standalone HMDs as most are "just" Android devices, e.g. termux letting you install NodeJS then run your own on device Web server to code on device, standalone, offline, alternative launchers e.g. LightningLauncher, removing some telemetry and plenty more I'm not even aware of.

IMHO one of the best resource covering that and more is https://lvra.gitlab.io/

So... I'm a bit confused, maybe I misunderstood, what did you mean by being "a decade too early"? Which functionality specifically is missing today?

[–] [email protected] 1 points 2 days ago (1 children)

The Index and the Quest are entirely different things.

The index is a monitor with sensors attached to it.

The Quest is a proprietary PC with an ecosystem, DRM and billion dollar company backing.

Rooting isn't open source They don't have anything to do with each other other than the fact that you don't need to root open source devices. They lock us out of root because they don't want us to control our own devices, They want us to use their stores, they're walled gardens, and their support for everything which is very un-open source.

My point behind touting an open source mobile VR device would be that it would not need to be rooted.

I looked at the hardware you mentioned and while the open stuff looks very nice it looks very not available for anyone to purchase. Do you expect any of that hardware to be more available soon?

[–] [email protected] 1 points 1 day ago

for the Lynx (that can't be bought rooted already but takes about 15min to root) I wouldn't buy it right now but wait for their AndroidXR release... and see if that would be rootable. I personally share my Lynx with hardware and software hacker friends nearby because I know it's a relatively rare device.
NorthStar is AR, not VR, and by default isn't mobile but there are compute pack explorations and opaque covers. Honestly if you are not into hardware tinkering I would not recommend it. If you are though then you probably don't need a lot of hand holding, just connecting with peers to learn from each other.
SimulaVR https://simulavr.com/ is very tempting but the price tag is quite high and to be honest I worry that they are following the Lynx delivery delay path. I also haven't put my actual hands on an actual product so I can't comment on it.
Valve itself has been leaving hints for mobile VR and they did IMHO an amazing job with the SteamDeck, namely something reliable (it "just works") while running Linux proper (even though most players will be totally unaware of it) ... but it's Valve. So they will release it, if they ever do, whenever they will believe it's ready. This is also pure speculation! They have not announced anything but they did sell the Index, SteamDeck, SteamVR on Linux, and there are bits of code hinting at a standalone HMD.

[–] [email protected] 13 points 3 days ago (2 children)

I sadly believe we’re fucked

[–] [email protected] 2 points 2 days ago (1 children)

We where fucked when the internet got consolidated into what five companies.

[–] [email protected] 2 points 2 days ago

And them being in the USA as well

[–] [email protected] 12 points 3 days ago (1 children)

We were fucked a long time ago it's just the effects showing now. But I hope the rebels at Graphene OS and other custom ROMs will find a way.

[–] [email protected] 0 points 3 days ago (1 children)

Sadly I moved away from Graphene because of all the restrictions :(

[–] [email protected] 1 points 2 days ago (1 children)

Genuinely curious here, I but what restrictions?

[–] [email protected] 3 points 2 days ago* (last edited 2 days ago)

No mobile payments, a lot of apps have integrity check which means I can't really use them, no way to reset the unique device ID sent to apps so they can track you (why am I even using Graphene 🙄?), slow device, annoying to set up things like carplay's android thingy...

[–] [email protected] -3 points 4 days ago

What is the future of Google Play Intergrity APIs (and similar concepts)?

They are already here

Do you think we can find a way to bypass these

Ever heard about this so called „FOSS” or is your head to empty to understand words? Baby heard about FOSS? No? Or yes?

or is the future of the digital world just authoritarian and dystopian?

Only for those who allow such things to SPÖ on themselves.

load more comments