Thread

🛡️
If the official X app stopped working for you (f.e. if you are using @GrapheneOS ), or your banking apps aren't working anymore, the problem might be hardware-based attestation. Unfortunately, despite winning many battles for an open internet, open code, open protocols, and file formats, hardware attestation is a problem that most of us aren't even aware of. And it's a big problem for the Internet.
Juraj Bednar
The Internet and Computers Aren't What They Used to Be: Why Your Apps Stopped Working (Hardware Attestation)
I was prompted to write this article when the X (Twitter) app stopped working on my phone. The culprit? New technologies that are fundamentally res...

Replies (21)

Read the article. It is a major threat agains open internet as it used to be and as it was conceived the network itself. I have rememberes this by heart because of most of you that I have learnt from: build a parallel polis what is better from the closed platforms that governs the reality today. Thank you juraj!
🛡️
Long click on the app in GrapheneOS ->> app info ->> and scroll down to "EXPLOIT PROTECTION COMPATIBALITY" - toggle this on when app is installed under the new user account with not many others apps that could potentially leak much data. This often makes apps like Uber, Bolt and banking apps to magically work
🛡️
↩ replying to Juraj
Yes it doesn't help with attestation but most apps can work when toggle is on. Two different problems indeed. I have run a number of talks about GrapheneOS in 2025, the last one was at @Bitfest where I glorified the attestation at GrapheneOS, comparing it with CalyxOS lacking it. I think it is good we have it at GOS. Many apps can work inside the browser, who wants to run X on Graphene OS as an app? It's a little spy better to be used in the browser anyway. I get your point at it may become a vector of the attack in some way, but open source software wins every time, even better when with privacy features It would be fun to see apps running on GrapheneOS only, as a form of awareness building activism! For instance a fork of signal Molly- GrapheneOS users only until May 2026, that would be fun to watch ;)) not in the spirit of open source but an interesting twist, reversing dynamics.... I would like to see all nostr clients to follow through, it would make everyone to either come back to X on mobiles or finally get that fckn GOS :D just for 5 months as a part of GOS campaign ;) .......... ..... ... *) GrapheneOS — attestation available: GrapheneOS supports hardware-backed attestation (SafetyNet/Play Integrity-style attestations and Android Key attestation) using its secure elements and strict privacy-preserving design. CalyxOS — no attestation (by default): CalyxOS does not provide the same device attestation capabilities out of the box, it avoids enabling attestation services that would reveal hardware identifiers or require Google services. As a result, apps expecting platform attestation/Play Integrity will typically fail or cannot obtain a hardware-backed attestation on CalyxOS unless the user explicitly installs and configures additional components (e.g., microG or other attestation bridges), which may reduce privacy. View quoted note → image
🛡️
My dream is an open mobile platform. I know there were several attempts in the past, that did not get from 0 to even 0.01. Mostly because of lack of market / interest, as most people are fine with the googleapple hegemony. My dream is that at some point it could grow out of the DIY hardware signer -- specter, seedsigner -- and home miner -- bitaxe -- ecosystem. A de-facto standard, with several manufacturers, open platform, interchangable software, and full package providers. It will not be on par with latest mobile hardware, and that should not be the goal, but a general purpose mobile computer and communications platform.
🛡️
↩ replying to Juraj
I have no illusions: for some 'essential' services I will need a fallback 'normie' phone (like messaging the daycare or school staff, ordering a pizza, a netbank if you need one, digital driving license or shit like that if you cannot really avoid it at some point). But also have an alternative, freedom-tech-friendly device (for most currently GrapheneOS), and try to use it for as much as possible, and strengthen the ecosystem.
As I've been saying about the Apps-walled-gardens problem for years: The best way to fight is: Use services via websites & browser. The principle: use it or lose it. You _have_ to give companies a financial incentive to keep services accessible via websites. You _have_ to give managers statistics that say: we've had 30 % of interactions with our service via the website, we cannot lose this. If people 95 % opt for the App, because "muh, App has so much better UI/UX than browser" they'll turn off websites as soon as they can. Same goes for websites working with Firefox/derivatives: if you want maintainers to make sure their websites work well with FF, you have to use FF and thus flood their servers with your FF user agent. If shops risk missing revenue by their website not working for people with buying power .. they will make sure their site works with the browser.
🛡️
↩ replying to lifeisjustreplication
True, but also let's be realistic about the impact. Lifetime value of a customer is quite low, there are definitely not millions of us. And then you have to consider the costs as well. Even 10% of users using only web might be a losing proposition for them, because the cost is also developing parallel web app (in addition to iOS and Android app) and fighting spam, bots and user scripts. With the attestation they can be fairly sure that the client is not a script, etc. Maybe not in theory, but definitely in practice. It might very well be that switching off the web will increase profit despite losing a significant percentage of customers. Also my particular one action, especially if it's free service has basically zero say in this, it's a rounding error. And I can only influence my actions and native a few hundred people (but realistically, probably a few dozen).