I bet £50 that the alternative (eg GrapheneOS attestation (based on the standard AOSP attestation)) will be delayed, then delayed, then scrapped since almost everyone is using Google Plag integrity anyway.
Yes, I assume malicious intent, sorry, seen this happen enough tines recently.
I'm in the US, not facing a mandate, but I want an open-source alternative to Play Integrity to use in the financial sector. There should be no excuse for anyone not supporting GrapheneOS. I've asked on Google's issue tracker and they are not interested in opening the program to non-OHA ("Google Play Approved") participants.
Indeed. Goggle is very hostile to anyone not wanting Google deep in their OS, running undisclosed code with the superuser privileges.
I think we all collectively should try the compliance / regulatory ways to force enough companies to have to adkit they know Google lies about security when talking about attestation, then force them into supporting alternative attestation methods.