Proton, Tor, and AdGuard Lead a 40-Company Revolt Against Google’s New Android Security Model

Over 40 privacy companies including Proton, Tor Project, and AdGuard have demanded Google reverse its Play Integrity API for Android, arguing the security framework threatens open-source distributions and could exclude privacy-focused users from running mainstream apps.
Proton, Tor, and AdGuard Lead a 40-Company Revolt Against Google’s New Android Security Model
Written by Dave Ritchie

A coalition of more than 40 privacy-focused technology companies and civil society organizations has issued a forceful open letter demanding that Google reverse course on its Android Play Integrity API — a security framework that critics say threatens the open nature of Android and could effectively banish independent apps from the platform. The signatories include some of the most prominent names in digital privacy: Proton, the Tor Project, AdGuard, GrapheneOS, the Electronic Frontier Foundation, and Mozilla, among others.

The letter, addressed to Google’s leadership, argues that the Play Integrity API — and its forthcoming expansion — amounts to an unprecedented power grab that would allow Google to dictate which apps can run on Android devices and under what conditions. At its core, the dispute centers on a technical mechanism that lets app developers verify whether a device meets certain security criteria, including whether the Android installation is “genuine” and whether the device’s bootloader has been modified. While Google frames this as a consumer protection measure, the coalition sees it as a weapon aimed squarely at the open-source community and privacy-conscious users who rely on custom Android distributions.

What the Play Integrity API Actually Does — and Why Privacy Advocates Are Alarmed

Google’s Play Integrity API allows developers to check the “integrity” of an Android device before allowing their apps to function. The system assigns trust verdicts to devices, essentially grading them based on whether they run a Google-certified version of Android, whether the bootloader is locked, and whether the device passes Google’s SafetyNet-like attestation checks. Apps can then use these signals to restrict functionality or refuse to run entirely on devices that don’t meet the threshold.

As reported by TechRadar, the concern is that this system inherently discriminates against users of alternative Android-based operating systems such as GrapheneOS, CalyxOS, and LineageOS — distributions specifically designed to enhance user privacy by stripping out Google’s proprietary services. Under the current and proposed expanded integrity checks, apps that rely on the Play Integrity API would flag these custom installations as untrustworthy, even though many security researchers argue that some of these alternative operating systems are actually more secure than stock Android.

The Open Letter: A Direct Challenge to Google’s Gatekeeping Ambitions

The open letter pulls no punches. It characterizes Google’s approach as fundamentally incompatible with the principles that made Android successful in the first place — namely, its open-source foundation and the ability for users and developers to modify the operating system. The signatories argue that the Play Integrity API effectively creates a two-tier system: devices blessed by Google that can run any app, and everything else.

Proton, the Swiss company behind the encrypted email service ProtonMail and the VPN service Proton VPN, has been particularly vocal. The company has long positioned itself as a counterweight to Big Tech surveillance, and it views Google’s integrity framework as a direct threat to the kind of privacy infrastructure its users depend on. The Tor Project, which maintains the anonymity network used by journalists, activists, and dissidents worldwide, shares similar concerns — its users frequently run modified Android environments specifically to avoid tracking.

Google’s Defense: Security for Users or Control Over the Platform?

Google has defended the Play Integrity API as a necessary tool to combat fraud, malware, and abuse. The company argues that developers need reliable signals to determine whether their apps are running in a safe environment, particularly for sensitive applications like banking, payments, and digital rights management. From Google’s perspective, a device with an unlocked bootloader or a non-certified operating system represents a potential security risk — one that could expose users to tampered software or man-in-the-middle attacks.

But the coalition’s letter directly challenges this reasoning. The signatories point out that device attestation as implemented by Google doesn’t actually measure security — it measures compliance with Google’s own standards. A device running GrapheneOS with a locked bootloader and verified boot, for instance, may be significantly hardened against attack compared to a stock Android phone from a budget manufacturer running outdated firmware. Yet under Google’s system, the former could be flagged as untrustworthy while the latter passes with flying colors. This distinction between genuine security and platform control lies at the heart of the dispute.

The Broader Implications for Android’s Open-Source Identity

Android’s relationship with open source has always been complicated. The Android Open Source Project (AOSP) provides the foundation, but the version of Android that ships on most consumer devices is heavily layered with Google’s proprietary services — Google Play Services, the Play Store, and a host of APIs that independent developers have come to depend on. Over the years, Google has systematically moved functionality out of AOSP and into its proprietary layer, making it increasingly difficult to run a fully functional Android device without Google’s blessing.

The Play Integrity API represents the latest and perhaps most consequential step in this trajectory. If widely adopted by app developers — particularly banks, streaming services, and enterprise software providers — it could make custom Android installations practically unusable for everyday purposes. As TechRadar noted, this would disproportionately affect users in regions where privacy tools are not a luxury but a necessity — journalists in authoritarian countries, human rights workers, and political dissidents who depend on modified Android environments to stay safe.

Regulatory Pressure and the Antitrust Dimension

The timing of this coalition’s pushback is significant. Google is already under intense regulatory scrutiny on multiple fronts. In the United States, the Department of Justice has pursued landmark antitrust cases against the company, with a federal judge ruling in August 2024 that Google maintained an illegal monopoly in search. In Europe, the Digital Markets Act has imposed new obligations on designated “gatekeepers” — a category that includes Google — to ensure fair access to their platforms.

The coalition’s letter implicitly invokes this regulatory context. By framing the Play Integrity API as an anticompetitive tool that reinforces Google’s dominance over the Android platform, the signatories are laying groundwork for potential regulatory challenges. The Electronic Frontier Foundation, one of the letter’s signatories, has a long history of advocating for interoperability requirements and against platform lock-in — issues that are now front and center in competition policy discussions on both sides of the Atlantic.

What Happens Next: The Stakes for Developers and Users Alike

The immediate question is whether Google will respond substantively to the coalition’s demands. The company has historically been reluctant to reverse course on platform decisions once they’ve been announced, though it has occasionally modified implementation timelines or offered limited concessions in response to developer backlash. The deprecation of Manifest V2 in Chrome — which threatened the functionality of ad blockers — provides a recent example of Google adjusting its approach under sustained pressure, though critics argued the concessions didn’t go far enough.

For the 40-plus organizations that signed the letter, the fight over the Play Integrity API is about more than a single technical specification. It is a proxy battle over the future of mobile computing: whether smartphones will remain platforms where users have meaningful control over their own devices, or whether they will become tightly controlled appliances where the operating system vendor dictates the terms of use. The coalition is betting that public pressure, combined with regulatory momentum, can force Google to rethink an approach that, if left unchecked, could fundamentally alter the balance of power between platform owners and the people who use their products.

AdGuard, the ad-blocking software company that also signed the letter, has separately warned that integrity-checking mechanisms could be used to detect and disable ad blockers — a concern shared by Mozilla, which has long championed the open web and user agency. The convergence of privacy advocates, security researchers, open-source developers, and civil liberties organizations in a single coalition underscores the breadth of opposition Google now faces.

A Test of Android’s Founding Promise

When Google acquired Android in 2005 and subsequently released it as an open-source project, the implicit promise was that Android would be a platform defined by openness and user choice — a counterpoint to Apple’s walled garden. Nearly two decades later, that promise is being tested as never before. The Play Integrity API controversy forces a fundamental question: Can Android remain meaningfully open if the company that controls its most critical infrastructure has the ability — and apparently the inclination — to exclude anyone who doesn’t play by its rules?

The coalition’s letter suggests that the answer, at least for now, is no. Whether Google listens may depend less on the strength of the technical arguments and more on the political and regulatory winds that are increasingly blowing against Big Tech consolidation worldwide.

Subscribe for Updates

InfoSecPro Newsletter

News and updates in information security.

By signing up for our newsletter you agree to receive content related to ientry.com / webpronews.com and our affiliate partners. For additional information refer to our terms of service.

Notice an error?

Help us improve our content by reporting any issues you find.

Get the WebProNews newsletter delivered to your inbox

Get the free daily newsletter read by decision makers

Subscribe
Advertise with Us

Ready to get started?

Get our media kit

Advertise with Us