reCAPTCHA Mobile Verification Is Bringing the Play Integrity API to Desktops
6 hours ago
- #Digital Lock-in
- #Hardware Attestation
- #Anti-Competitive Practices
- Apple and Google are expanding hardware-based attestation via APIs like Google's Play Integrity and Apple's App Attest, with plans to extend it to the web, including through Apple's Privacy Pass and Google's reCAPTCHA.
- These systems restrict users to Apple or Google-approved hardware and software, often misleadingly framed as security measures, and are increasingly adopted by banks, governments, and other services, reinforcing a mobile duopoly.
- Google's reCAPTCHA Mobile Verification may require QR code scans from iOS or certified Android devices, potentially locking out users on Windows, Linux, or OpenBSD and expanding Google's control over web access.
- Hardware attestation excludes alternative operating systems like GrapheneOS despite their security, while permitting outdated devices, revealing its primary goal as anti-competitive lock-in rather than genuine security enhancement.
- Governments, especially in the EU, are mandating these attestation systems for digital services, inadvertently supporting anti-competitive practices instead of regulating them, and new systems like Unified Attestation threaten further restrictions.