A more secure option is excluded in the name of security.
In the ongoing negotiation between security and openness that defines the digital age, GrapheneOS has raised a pointed question: when the tools built to protect users also happen to exclude competitors, where does protection end and control begin? The independent mobile operating system has accused Google and Apple of using verification systems — Play Integrity API, App Attest, and reCAPTCHA — not merely to secure devices, but to ensure that only their own approved hardware and software can fully participate in the modern digital economy. The accusation arrives at a consequential moment, as governments and financial institutions begin adopting these same systems for payments and digital identity, potentially cementing two private companies at the foundation of public infrastructure.
- GrapheneOS, a privacy-focused Android alternative that its developers argue is more secure than certified Android, finds itself locked out of banking apps and mainstream services by the very security systems that claim to protect users.
- The paradox is sharp: Google's Play Integrity API blocks GrapheneOS not because it is less secure, but because it is not Google-approved — rewarding compliance over actual security.
- The reach of this gatekeeping is expanding beyond apps into the open web itself: GrapheneOS says reCAPTCHA increasingly demands a certified Apple or Google device to complete routine human-verification checks.
- Governments adopting these verification systems for digital IDs and payments risk becoming unwitting enforcers of a duopoly, embedding Apple and Google's approval mechanisms into civic infrastructure.
- Neither company has responded to the accusations, leaving the central question unresolved: whether regulators will treat device attestation as a legitimate security practice or as anti-competitive architecture dressed in the language of protection.
GrapheneOS, an independent mobile operating system built on Android, has accused Google and Apple of using their security verification tools as gatekeeping mechanisms — systems that, under the banner of protection, effectively bar alternative operating systems from the digital ecosystem.
The mechanics are not subtle. An app calls Google's Play Integrity API or Apple's App Attest, receives a signed verdict about the device and the software it is running, and its servers refuse service when that verdict is not the one they demand. Banking applications have been particularly aggressive in adopting these checks, citing security as the rationale. But GrapheneOS points to a troubling contradiction: its own OS, which it describes as more secure than certified Android, fails the Play Integrity check outright, excluded in the name of security despite being the more secure option. The result is that users who install a more private, more hardened operating system find themselves unable to use it for the ordinary tasks of modern life.
The problem reaches beyond apps. Google's reCAPTCHA, deployed across millions of websites, increasingly requires a certified Apple or Google device to complete verification — in some cases demanding that users scan a QR code with an approved phone just to access a website. This creates a dependency that extends even to desktop users on Windows or Linux, who may find themselves locked out of web services without a mainstream smartphone in hand.
The stakes grow higher as governments and financial institutions adopt these same systems for payments, digital identity, and age verification. When public infrastructure is built on Apple and Google's approval mechanisms, those companies gain structural control over who can participate in the digital economy — not through market competition, but through the architecture of verification itself.
GrapheneOS frames this as anti-competitive behavior wearing the costume of security. The distinction is consequential: genuine security tools protect all users equally, while what GrapheneOS describes is a system that rewards loyalty to approved platforms and marginalizes everything else. As more services adopt these checks, the pressure on users to conform to Apple or Google's ecosystem compounds. Neither company has responded publicly, leaving regulators to decide whether device attestation is a shield or a wall.
GrapheneOS, an independent mobile operating system built on Android, has leveled a serious accusation at two of the world's largest technology companies: Google and Apple are weaponizing their security tools to systematically exclude rival platforms from the digital ecosystem. The complaint centers on a handful of verification systems—Google's Play Integrity API, Apple's App Attest, and Google's reCAPTCHA—that ostensibly exist to protect users and devices but, according to GrapheneOS, function as gatekeeping mechanisms that entrench the dominance of iOS and certified Android devices.
The mechanics are straightforward enough. When you open a banking app, a website, or an online service, the app or site asks one of these systems for a signed verdict about your device and software, and it denies access if the verdict does not match what it requires. Banking applications, in particular, have embraced Play Integrity checks to block rooted phones and modified Android installations. The stated purpose is security: to ensure that only legitimate, uncompromised devices can reach sensitive financial information. The detail that matters is what the verdict actually measures. Play Integrity's device-integrity verdict reports whether the device is Google-certified and running a Google-approved build; it does not assess the security properties of the operating system itself, so an uncertified OS with a locked bootloader and verified boot fails that check just as a rooted phone does. GrapheneOS argues this is the deeper reality the security framing obscures: these systems do not merely protect security; they actively prevent users from choosing alternative operating systems, even when those alternatives are, in GrapheneOS's assessment, more secure than what Google and Apple permit.
GrapheneOS itself is a case in point. The project describes its own operating system as far more secure than the certified Android versions that Play Integrity allows, yet Google's system blocks it outright. This creates a paradox at the heart of the security argument: a more secure option is excluded in the name of security. The effect is to make GrapheneOS and other alternative operating systems functionally unusable for anyone who needs to access mainstream apps and services. You can install a more secure OS, but you cannot actually use it to do the things most people do online.
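To make the preceding two paragraphs concrete, here is the server-side decision an app might run over a decoded Play Integrity verdict. This is an added example written for this page, not code from GrapheneOS, Google, or any bank. The field names and label values (requestDetails, deviceIntegrity, deviceRecognitionVerdict, MEETS_BASIC_INTEGRITY, MEETS_DEVICE_INTEGRITY, MEETS_STRONG_INTEGRITY) follow Google's published documentation for a classic Play Integrity request; the payloads, package name, nonce and freshness window are constructed, and the token is assumed to have already been decrypted and signature-checked before it reaches this code. The point it shows is that the gate described in the article is a single comparison against a certification label, not a measurement of the OS.

```python
"""Server-side policy over a decoded Play Integrity verdict.

Added example, not code from the page, GrapheneOS, or Google. Field names and
label values follow the Play Integrity API documentation for a classic
request; every payload here is constructed, and decryption and signature
verification of the token are assumed to have happened already (not shown).
"""
from dataclasses import dataclass

NOW_MS = 1_700_000_000_000          # fixed "now" so the example is deterministic (assumed)
MAX_AGE_MS = 5 * 60 * 1000          # assumed freshness window for a verdict
PACKAGE = "com.example.bank"        # hypothetical app package name
NONCE = "c2VydmVyLWlzc3VlZC1ub25jZQ"  # hypothetical server-issued nonce


def make_payload(labels, nonce=NONCE, package=PACKAGE, age_ms=30_000):
    """Build a constructed verdict payload in the API's documented shape."""
    return {
        "requestDetails": {
            "requestPackageName": package,
            "nonce": nonce,
            "timestampMillis": str(NOW_MS - age_ms),   # the API reports this as a string
        },
        "appIntegrity": {"appRecognitionVerdict": "PLAY_RECOGNIZED"},
        "deviceIntegrity": {"deviceRecognitionVerdict": list(labels)},
    }


# Constructed sample verdicts for three device states.
CERTIFIED_STOCK = make_payload(
    ["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY", "MEETS_STRONG_INTEGRITY"])
# An uncertified OS with a locked bootloader: no device/strong label, because those
# labels require Google certification rather than any particular security property.
UNCERTIFIED_LOCKED = make_payload(["MEETS_BASIC_INTEGRITY"])
ROOTED_UNLOCKED = make_payload([])                    # no labels at all
REPLAYED = make_payload(["MEETS_BASIC_INTEGRITY", "MEETS_DEVICE_INTEGRITY"],
                        nonce="stale-nonce-from-another-session")


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str


def evaluate_verdict(payload, *, expected_nonce, expected_package,
                     require_device_integrity, now_ms=NOW_MS):
    """Decide whether to serve the request that produced this verdict.

    require_device_integrity=True is the certification-gated policy the article
    describes banks using; False accepts any device that is at least
    MEETS_BASIC_INTEGRITY.
    """
    req = payload.get("requestDetails", {})
    # Bind the verdict to this request and this app; otherwise a verdict obtained
    # by a different client could simply be replayed.
    if req.get("nonce") != expected_nonce:
        return Decision(False, "nonce mismatch")
    if req.get("requestPackageName") != expected_package:
        return Decision(False, "package mismatch")
    age = now_ms - int(req.get("timestampMillis", "0"))
    if not 0 <= age <= MAX_AGE_MS:
        return Decision(False, "stale or future-dated verdict")

    labels = set(payload.get("deviceIntegrity", {}).get("deviceRecognitionVerdict", []))
    if "MEETS_BASIC_INTEGRITY" not in labels:
        return Decision(False, "device failed basic integrity")
    # This single comparison is the gate the article is about: it asks whether the
    # device is Google-certified, not whether its OS is secure.
    if require_device_integrity and "MEETS_DEVICE_INTEGRITY" not in labels:
        return Decision(False, "device not Google-certified")
    return Decision(True, "ok")


def run_policies():
    """Evaluate each sample device under both policies; returns {(device, policy): allowed}."""
    devices = {"certified_stock": CERTIFIED_STOCK,
               "uncertified_locked": UNCERTIFIED_LOCKED,
               "rooted_unlocked": ROOTED_UNLOCKED}
    results = {}
    for name, payload in devices.items():
        for policy, strict in (("require_device_integrity", True),
                               ("basic_integrity_only", False)):
            d = evaluate_verdict(payload, expected_nonce=NONCE,
                                 expected_package=PACKAGE,
                                 require_device_integrity=strict)
            results[(name, policy)] = d.allowed
    return results


if __name__ == "__main__":
    for (device, policy), allowed in sorted(run_policies().items()):
        print(f"{device:20s} {policy:26s} {'allow' if allowed else 'deny'}")
```

Under the strict policy the uncertified, locked-bootloader device and the rooted device receive the same answer, which is the paradox the article describes; under the basic-integrity policy the rooted device is still refused while the uncertified OS is served. The nonce, package and timestamp checks are there because a verdict that is not bound to the request is worth very little to either policy.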
The concern extends beyond apps to the broader web. Google's reCAPTCHA system, deployed across millions of websites to verify that users are human, increasingly requires a certified Android or iOS device to complete the verification process, according to GrapheneOS. In some cases, users must scan a QR code with an approved phone to prove they are human before accessing a site. This creates a dependency loop: even if you use an alternative operating system on your primary device, you may need an Apple or Google phone in your pocket just to access ordinary web services.

The implications ripple outward. Governments and financial institutions are now adopting these same verification systems for critical digital infrastructure: payments, digital identity documents, age verification. When public institutions rely on Apple and Google's gatekeeping mechanisms, they inadvertently become partners in locking out competition.
GrapheneOS frames this not as a security feature but as anti-competitive behavior dressed in the language of protection. The distinction matters. Security features are neutral tools that protect all users equally. What GrapheneOS describes is something different: a system designed to ensure that only devices and software approved by Apple and Google can fully participate in the digital economy. Over time, as more apps and services adopt these checks, the effect compounds. Users face an increasingly stark choice: use an approved device or lose access to essential services. The alternative operating systems, no matter how secure or innovative, become marginalized.
Neither Google nor Apple has publicly responded to GrapheneOS's accusations. The silence itself is telling. These companies have built their business models on controlling the hardware-software stack, and these verification systems represent the logical extension of that control into the broader digital infrastructure. Whether regulators will view this as a legitimate security practice or as anti-competitive gatekeeping remains an open question. For now, GrapheneOS's warning stands as a challenge to the assumption that security and openness are incompatible—and a reminder that the tools we build to protect ourselves can just as easily be used to exclude others.
Notable Quotes
Over the long term, this will increasingly lock out hardware and OS competition. — GrapheneOS
The purpose of these systems is disallowing people from using hardware and software not approved by Apple or Google. This is wrongly presented as being a security feature. — GrapheneOS
The Hearth Conversation
Another angle on the story
Why does GrapheneOS care so much about this? They're a small project. Why pick this fight with Google and Apple?
Because the fight picks them. If you're building an alternative operating system, these verification systems are existential. Your OS can be more secure, more private, more thoughtful—but if apps won't run on it, nobody uses it. It's not about winning market share. It's about the right to exist.
But aren't these security tools actually necessary? Banking apps need to know they're talking to a real device, not a compromised one.
That's the trap in the argument. Yes, security checks are necessary. But you can verify a device's integrity without requiring it to be *approved by Google*. You could check the actual security properties of any OS. Instead, these systems check whether the OS is *certified*—which is a business decision, not a security one.
So you're saying Google could allow GrapheneOS through Play Integrity if they wanted to?
Almost certainly. If they audited GrapheneOS and found it met their security standards—which, by their own claims, it exceeds—they could whitelist it. They don't, because the real purpose isn't security. It's control.
What happens if governments start requiring these systems for digital ID or voting?
Then you've outsourced the definition of who gets to participate in democracy to two private companies. You can't vote, you can't access your bank account, you can't prove your age—unless Apple or Google says your device is acceptable. That's the endgame GrapheneOS is warning about.
Is there a way out of this?
Regulation, probably. Or enough public pressure that these companies decide the reputational cost of gatekeeping outweighs the control benefits. But right now, there's no technical solution. The power is entirely in their hands.