> I don't see any requirement to support hardware attestation in the recaptcha d... | Hacker News

Hacker Timesnew | past | comments | ask | show | jobs | submit

		palata 16 days ago \| parent \| context \| favorite \| on: Google broke reCAPTCHA for de-googled Android user... > I don't see any requirement to support hardware attestation in the recaptcha documentation, the Play Services seem to be "enough". Doesn't Play Integrity use hardware attestation, but specifically checking the Google keys? If you use the Play Services on GrapheneOS, you still don't pass Play Integrity because your system is signed by GrapheneOS and not by Google.

g-b-r 16 days ago [–]

No, Play Integrity is a set of numerous features, and the developers decide which one to use, and how to react to what the api reports.

Hardware attestation is one feature, but it's still not used a lot.

The most common feature is the check that your Google account really downloaded the app you're using (and that the app wasn't modified); which requires using a Google account, of course. This is what the "pairip" that's been plaguing the store for a year does (it's being added by a ton of apps because adding it only requires enabling a preference in the Play Console).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact