No banking apps on your custom ROM? This new initiative could help.

Source: Android Authority

C. Scott Brown / Android Authority

TL;DR

• A new European initiative called UnifiedAttestation aims to build an open‑source alternative to Google’s Play Integrity checks.
• Many banking, financial, and government apps use Play Integrity checks as a security measure, but this measure isn’t available on custom ROMs.
• The initiative is backed by smartphone maker Volla, along with partners like Murena.

One of the biggest issues with running a custom ROM or a Google‑free version of Android is that banking clients and other financial apps often don’t work. That’s because most of these apps rely on Google’s Play Integrity API. This security measure is meant to combat fraud and protect users, but it typically doesn’t support devices with custom ROMs or Google‑free Android forks. Fortunately, a European initiative might have a solution.

A new European initiative dubbed UnifiedAttestation (h/t: Heise) aims to build a free and open‑source alternative to Google’s Play Integrity checks. The initiative is backed by smartphone maker Volla, while other partners include /e/OS maker Murena and the team behind iodé OS. The feature will be distributed under an Apache 2.0 license.

Many banking, financial, and government apps don’t support custom ROMs and Google‑free Android forks because these platforms typically don’t support the Play Integrity API. UnifiedAttestation could potentially solve this issue, but app developers will need to specifically support this alternative. That means you shouldn’t hold your breath for your desired banking app to work out of the box. For what it’s worth, Volla claims that the feature can be added to apps with “just a few lines of code.” It adds that consortium members will “mutually” check and certify their operating systems and device models as part of a peer‑review process.

What’s stopping you from using a custom ROM?

Not everyone seems to be a fan of UnifiedAttestation, though. The Graphene OS team has criticized the initiative on Mastodon (h/t: r/android), saying that smartphone makers shouldn’t be deciding which operating systems people can use for their apps.

“Play Integrity API should be regulated out of existence rather than making another system where companies permit their own products while disallowing others,” the team explained. “It shouldn’t be legal when Google does it and it shouldn’t be legal when Volla and Murena do it either. This is wrong.”

UnifiedAttestation clearly isn’t without its detractors. But this might be one of the few ways to get your sensitive apps running on a custom ROM or Google‑free Android OS, so we’re keen to see how this initiative pans out.