there’s not as much attention on this as there was when they tried to implement it in their browser, so sadly I think this will eventually come to be :/
The solution is the same, though. Chances are non-Google Android forks aren’t going to implement this, just like how Chromium-based browsers that aren’t Chrome (or Edge) ended up implementing solutions for the depreciation of webRequest in Chromium’s implementation of MV3. So if Google does do this, just unlock your device’s bootloader and flash Omnirom or another Android fork onto it.
Won’t work sadly, if you install a custom OS your device will not be able to attest to it being original, and play integrity won’t pass (which would by extension include WEI). Not providing the results will be seen as just as bad as not passing. So as long as the vast majority of mobile users have it deployed you’re screwed.
You can think of it as requiring everyone to wear a cryptographic ID badge to do something as simple as going to the store to buy groceries. You can always not wear it, but you will be denied service just as someone who has a “made up” ID.
The evil exists at the silicon level where they cryptographic keys are hidden from the user.
Not to mention the fact that there’s still Android devices that have bootloaders that can’t “just be unlocked”. Looks like this is now changing but the Canadian model of the LG G6 couldn’t be rooted for a long time, and while I wouldn’t have bought it if it was up to me because of that, it wasn’t up to me because it was just a hand-me-down to replace a phone I had that was way older.
Except you’re not forced to use the Play store if you’re using a non-Google fork of Android. So unless they’re locking out the entire OS if it doesn’t authenticate (which, if they do, that runs afoul of interoperability protections), you can still install APKs directly.
Also, if it’s at the silicon level, that’s not even in the OS, that’s in the device and Google is going to have to bet on device manufacturers (particularly Samsung, due to their market share) playing along. If Samsung in particular decides that Google is going too far (and they could, they have their own reputation to worry about and they’re also going to want to have control over the devices they make - control that Google could potentially deny them as they continue to tighten their grip), that’s game over. Google could try to push their own hardware but Samsung has too much market dominance in the mobile device hardware sector for Google to challenge like that.
There are ways around Play Integrity and Safety Net and the like. To quote this blog post, “The problem with checking if the user is a god, is that the user is a god.”
I knew it.
