This really isn't about Authy specifically.

It's about a possible trend of Apps refusing to run without Play Protect (which GOS can't provide) since it's not a signed Google OS.

It's a worrisome trend, but I don't think it will kill GOS because plenty of apps want to run on Chinese phones which cannot have Play Protect.

Play Integrity, formerly SafetyNet Attestation, essentially allows apps to verify whether an Android device has provided permissions beyond Google's intended models or has been rooted. Root access is not appealing to the makers of some apps involving banking, payments, competitive games, and copyrighted media.]

The last paragraph of the article has a bad link, going to reddit and not the GOS page they said they would link... it should be https://grapheneos.org/articles/attestation-compatibility-guide

The more I think about this, the more upset I become, this is removing user agency. Requiring verified hardware and software environments to run code has benefits, especially around security, but if someone wants to do banking from their VM they should be able to. The hardware should only empower user agency, never remove it.

Um, if you're security minded, you're already staying far away from Authy, so I'm not really sure what the article's focus is.

That said, I'm using 2fa all day long on Grapheneos. No issue. And prior to Grapheneos, I ran rooted and had been using Authy with no issue, so this kind of sounds like an advertisement piece for Authy.

I don't know why the article chooses Authy to showcase the issue, when it's an app that is trivially replaced by alternatives (if one is patient enough to migrate). Finance and streaming apps are hardly equivalent on the other hand.

"We don't want to punish users of alternative OSes, but there's really no other option at the moment," Wilden added before his blunt conclusion. "Play Integrity has absolutely no way to guess whether a given custom OS completely subverts the Android security model."

We know what this is about, and it's not about security. It's about only allowing apps that make shareholders happy.

Does Authy do anything valuable that Aegis doesn't?

Oh no, who will leak my phone number now?

I'm not sure why the author thinks that Authy is the only option? I've never used it on my phone running Graphene.

FreeOTP+ is offline and in fdroid and let's you export the entries you have saved. No third party needed. Just back it up as a habit every time you add a new entry. Store the backup encrypted with gpg or veracrypt or whatever

page on their site

links to reddit

~~And Authy is runbby twillio which is owned by Facebook.~~ Don't give corporations control over this shit. They'll take it away whenever they want.

Dang. Really hope this gets sorted soonish. In the market for something new and planned on going GOS or lineage.