looks very promising !! 👍

Interesting approach, but: How does #unifiedattestation ensure every interested other and secure alternative ROM can also pass the test? @GrapheneOS does heavily criticize your approach. They claim it puts you (your project) in charge of controlling which ROMs pass attestation and which do not. Is there any room for a collaboration? It sounds as if #GrapheneOS rules this out, how about you guys from @Volla? Any negotiations possible? Any common ground? I, as a user, would just like to use those banking apps without worrying they might stop functioning anytime with any updates. Those banking-app-devs are the real culprits IMHO, to rely on something like Integritycheck theater. @Volla is your secret that you will convince banking-app-devs to open up their checks?

thanks. Your approach is better than google having a monopoly on device attestation.

Android already has a standard hardware attestation API. The sole purpose of your Unified Attestation system is a power grab where you put yourselves in control of what's allowed to be used. You do not get to make any demands of GrapheneOS in order for it to be permitted. It's not legal for you to make a system which forbids using other options to your products unless those join your cartel and comply with your demands. You aren't a neutral party and have massive conflicts of interest.

You're literally calling for centralization on the decentralized social network. 🤡 #Volla #VollaOS #OpenSource #software #hardware #Privacy #Security #DeGoogle

Android hardware attestation works on all modern Android devices and is the entire basis for Volla's Unified Attestation API. Their system is a centralized service built on top of Android hardware attestation. Android hardware attestation can already be used directly with arbitrary roots of trust and verified boot key fingerprints permitted. Instead of making a centralized attestation service, they could have at least just made signed root CAs and key fingerprints.