The Return of Your Apps, Please

In my previous post I discussed how the ability to attend concerts is increasingly locked behind using either an iOS device or a device running a Google approved version of Android. The issue I described isn't an isolated incident. More and more of our lives are being locked behind our smartphones. The two major smartphone operating system providers, Google and Apple, know this and are using their positions to lock us into their platforms. This is especially egregious of Google since it introduced Android as an open platform, which it no longer is.

Since introducing Android, Google has slowly been locking it down. Now there are effectively two tiers of Android: the Google blessed tier that can participate in our smartphone centric lives and the bastard child tier that can't. Less somebody think I'm being hyperbolic, Google demonstrated this fact with the latest update to reCAPTCH:

Google has tied its next-generation reCAPTCHA system to Google Play Services on Android, meaning anyone running a de-Googled phone will automatically fail verification when the system decides to challenge them.

reCAPTCHA is used by many websites, including government and educational websites, to thwart access by bots. Instead of providing an image-based puzzle, the new version of reCAPTCHA will require you to scan a QR code with your phone. The dirty trick, which is covered in more detail on this post from GrapheneOS's Mastodon instance, is that on Android this authentication mechanism is tied to Google Play Services, which is Google's proprietary framework for Android, on a Google certified device. That means people with de-Googled phones, such as any phone running LineageOS or GrapheneOS, will be unable to access any website where reCAPTCHA suspects you're a bot.

With this change, attending concerts won't be the only thing locked behind using an iPhone or Google blessed Android device. Huge swaths of the web will be too. This also creates a potential Catch-22 situation. Since many government websites use reCAPTCHA, people not using a Google blessed Android device will inevitably be unable to access government websites, which could result in legal consequences depending on the website in question. Imaging being unable to renew your driver's license or pay your taxes because you don't own the right kind of smartphone.

This isn't the reality we're heading towards, it's the reality we're at right now. The European Union is working on a European Digital Identity, which will require Google Play Integrity. Google Play Integrity, like the new version of reCAPTCHA, only works on Google certified devices. This not only expands the two tier system I mentioned to European citizenship, but also demonstrates that the European Union has no opposition to Google being a monopoly despite the rhetoric of its politicians. While the European Union makes a show of stopping Google's "monopoly" through lawsuits involving its app store, it hands Google a literal monopoly over the European Digital Identity application. To reiterate a long running theme of this blog, your government doesn't love you.