The global digital ecosystem is closing in more and more within enclosures controlled by a few, extremely powerful tech companies. This is the heavy accusation made by the creators of GrapheneOS through a lengthy and detailed statement published on X.
The independent project, known to hundreds of thousands of users for the development of a mobile operating system strongly oriented toward privacy and data protection, points the finger directly at Google and Apple.
According to the developers, the two giants are progressively and quietly forcing both mobile applications and the entire internet infrastructure to depend exclusively on their devices and on internally certified software.
GrapheneOS attacks Apple and Google
The harsher criticisms focus on specific tools released by the companies, in particular Google’s Play Integrity API and the system App Attest of Apple.
These technologies are presented to the general public and to programming communities as essential functions to guarantee the authenticity of terminals. In practical terms, an increasing number of platforms verify whether the user is using a smartphone deemed “reliable” before allowing the delivery of content.
GrapheneOS emphasizes how this approach provides companies with almost total control over which hardware can operate correctly on the network. In the long term, such a dynamic will end up excluding commercial competition altogether.
The Play Integrity API is widely used, for a concrete example, by dozens of banking applications to block rooted phones or devices with alternative software installed.
However, this mechanism relentlessly bans also entirely legitimate options. GrapheneOS is effectively cut off from essential services, despite offering standards of defense against cyber intrusions that are significantly superior to approved commercial configurations.
The monopoly of verifications and the impact on those who browse
The issue becomes even more critical when analyzed on a broader scale, because it does not limit itself only to smartphones in the strict sense. The position openly addresses the problem related to reCAPTCHA, Google’s widespread system used on millions of pages to distinguish humans from automated processes.
The company is starting to require users to confirm their identity using a regularly certified Android or iOS device.
In certain circumstances, to pass an access check, people must scan a QR code a few centimeters wide with the phone’s camera aimed at it to prove they are real. GrapheneOS warns that this restrictive practice could soon hit hard even those browsing comfortably from their desks using desktop machines equipped with Windows or Linux.
Owning the keys to reCAPTCHA puts a single actor in an absolute dominant position, allowing the possession of an approved smartphone to be required in order to enjoy a majority portion of the world’s network.
The complicity of public and private institutions
What makes the situation even more alarming, according to the authors of the complaint, is the complacent attitude of government authorities and major banks.
Instead of countering these practices, described as blatantly anti-competitive and restrictive, administrations are systematically adopting these protocols to manage the delivery of public services.
Electronic payments, digital identity archives and age-verification mechanisms almost always rely on these closed interfaces.
In this way, governments actively participate in the exclusion of independent systems, relying on proprietary tools to manage citizens’ rights. Up to this moment, those directly involved have not released any formal comment, avoiding publicly responding to the severe questions raised.
