2046154 - Feature Request: Google Play Integrity seems anti-ownership, anti-user, and proprietary anti-competitive and I suggest you consider a removal

Log In

Log In with GitHub

or

Remember me

Create an Account<br>&middot;<br>Forgot Password

Browse

Advanced Search

New Bug

Reports

Documentation

Please enable JavaScript in your browser to use all the features on this site.

Copy Summary▾

Markdown

Markdown (bug number)

Plain Text

HTML

View ▾

Reset Sections

Expand All Sections

Collapse All Sections

History

JSON

XML

Open

Bug 2046154

Opened 7 days ago<br>Updated 5 hours ago

Feature Request: Google Play Integrity seems anti-ownership, anti-user, and proprietary anti-competitive and I suggest you consider a removal

Summary:

Feature Request: Google Play Integrity seems anti-ownership, anti-user, and proprietary anti-competitive and I suggest you consider a removal

Product:

Firefox for Android

See Open Bugs in This Product

File New Bug in This Product

Watch This Product

Component:

Browser Engine

See Open Bugs in This Component

Recently Fixed Bugs in This Component

File New Bug in This Component

Watch This Component

Version:

Firefox 151

Platform:

Unspecified

Unspecified

Type:

task

Priority:

Not set

Severity:

N/A

Points:

Status:

UNCONFIRMED

Status:

UNCONFIRMED

Mark as Assigned

Milestone:

Project Flags:

a11y-review

Accessibility Severity

Performance Impact

Webcompat Priority

Webcompat Score

Tracking Flags:

Tracking<br>Status

relnote-firefox

firefox152

firefox153

firefox154

Assignee:

Unassigned

Assignee:

Reset Assignee to default

Mentors:

QA Contact:

Reset QA Contact to default

Reporter:

el

Triage Owner:

boek

CC:

19 people

Depends on:

Blocks:

Regressions:

Regressed by:

URL:

See Also:

Alias:

Keywords:

Whiteboard:

QA Whiteboard:

Has STR:

Change Request:

Bug Flags:

sec-bounty

sec-bounty-hof

in-testsuite

qe-verify

Signature:

None

This bug is publicly visible.

Bottom &darr;

Tags ▾

Reset

Timeline ▾

Reset

Collapse All

Expand All

Comments Only

Ellie

Reporter

Description

&bull;<br>7 days ago

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:151.0) Gecko/20100101 Firefox/151.0

Steps to reproduce:

I discovered this: https://bugzilla.mozilla.org/show_bug.cgi?id=2015109

Actual results:

Google Play Integrity was added.

This feels harmful for users since

I assume it will make use of these APIs more common, which often prevent installing a custom manually patched Android operating system of the user's choice which harms the very idea of a free operating system and unrestricted device ownership, and

I also assume it will increase dependency on Google services which means even the more anti competitive reliance on the play services, and

as far as I can tell this whole mechanism seems to be deeply closed-source and to potentially even rely on things like TPM or secure enclave or similar that hide things from the user, which is security by obscurity and generally just seems like an all-around bad thing to force upon people. And therefore it shouldn't be added to browsers to not encourage adoption by services people need. TPMs and similar mechanisms should remain an optional feature to empower users, not a way to take away their ownership and choice.

Expected results:

Google Play Integrity probably should be removed from a browser that tries to advocate for the free web. If that makes some services not work, then those services should be encouraged to find other solutions instead.

👍<br>15

👎

🎉

😀

🙁

❤️

BugBot [:suhaib / :marco/ :calixte]

Comment 1

&bull;<br>7 days ago

The Bugbug bot thinks this bug should belong to the 'Firefox for Android::Browser Engine' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Component: Untriaged &rarr; Browser Engine<br>Product: Firefox &rarr; Firefox for Android

Ellie

Reporter

Updated

&bull;<br>7 days ago

Summary: Google Play Integrity is anti-ownership, anti-user, and proprietary anti-competitive and I suggest you consider a removal &rarr; Google Play Integrity seems anti-ownership, anti-user, and proprietary anti-competitive and I suggest you consider a removal

Ellie

Reporter

Comment 2

&bull;<br>7 days ago

I would like to clarify that I don't think the browser should offer other kinds of hardware attestation either.

As far as I understand attestation, the main thing that achieves is to lock out people from the open web, and to remove device ownership when the user wishes to modify the operating system in a way that the outside party providing the attestation arbitrarily decided isn't "correct". I'm happy to be corrected, but as far as I know most attestation schemes don't allow the user to simply certify their own hardware and system themselves in an easy manner, if they wish to do so.

👍<br>10

👎

🎉

😀

🙁

❤️

David

Comment 3

&bull;<br>6 days ago

Thank you for filing this, I was about to myself. One small request though: Please remove...