GrapheneOS has published a lengthy thread on X accusing Google and Apple of gradually making the internet and mobile apps more dependent on their own platforms, devices, and software ecosystems.
The project argues that tools like Google’s Play Integrity API and Apple’s App Attest are being marketed as security features when, in practice, they make it significantly harder for users to choose alternative operating systems. A growing number of apps and websites now check whether a user is running a trusted device and approved software before granting access. According to GrapheneOS, this trajectory could hand Google and Apple near-total control over which devices function properly online.
“Over the long term, this will increasingly lock out hardware and OS competition,” GrapheneOS wrote in the thread.
Much of the criticism is directed at Google’s Play Integrity API, which Android apps use to verify whether a device is genuine, running certified software, and considered secure. Banking apps commonly rely on these checks to block rooted phones or devices running modified versions of Android. GrapheneOS argues that the same system also shuts out legitimate alternatives – including its own OS.
“Google’s Play Integrity API bans using GrapheneOS despite it being far more secure than anything they permit,” the post states.
“The purpose of these systems is disallowing people from using hardware and software not approved by Apple or Google,” GrapheneOS added. “This is wrongly presented as being a security feature.”
reCAPTCHA concerns
The thread also raises concerns about reCAPTCHA, Google’s widely deployed CAPTCHA system. GrapheneOS points out that Google’s verification systems require users to confirm their identity using a certified Android or iOS device. In some cases, that means scanning a QR code with a phone just to prove you’re a real person before accessing a site or service. GrapheneOS warns this dynamic could eventually extend to desktop platforms like Windows and Linux as well.
“Control over reCAPTCHA puts Google in a position where they can require having either iOS or a certified Android device to use an enormous amount of the web,” the platform wrote.
GrapheneOS also highlights that governments and financial institutions are increasingly adopting these same verification systems for payments, digital ID apps, and age verification services – deepening the entrenchment of Apple and Google’s gatekeeping role.
“Instead of governments stopping Apple and Google from engaging in egregiously anti-competitive behavior, they’re directly participating in locking out competition via their own services,” GrapheneOS said.
Neither Google nor Apple has publicly responded to the issues raised in the thread.
