I am going to assume that this also destroys millions of AI agents and bot scrapers this time which is why some “AI Engineers” were complaining about this recently.
Well, this is how Google will kill all the scrapers on its search data.
> Fraud Defense leverages a sophisticated and adaptable risk analysis engine to shield against automated software. It is specifically designed to orchestrate trust for the agentic web, neutralizing malicious scrapers while welcoming legitimate AI agents.
I'm sure it'll block a whole bunch of awful scrapers but if Google doesn't hate a bot, it'll be able to pass.
the only anticompetitive element I can think of is the way they pushed their scanning app to Android phones with Play Services. On IOS they're not in control but still able to launch an app (app snippets the feature is called, I think?) but on Android they themselves killed off Instant Apps because nobody used it. If one of Google's competitors like hCAPTCHA tries to do the same, they'll have more friction on Android than Google does.
When it comes to GrapheneOS, it's the website owners that decided to block those devices by using this service. There are other services that don't block those phones they can use instead.
That's the whole goal of the concept. Safetynet (the predecessor of Play Integrity) was developed to block CyanogenMod and then later used to block Huawei.
If Windows wasn't so far behind Apple and the rest of the industry in regards to integrity APIs this wouldn't be necessary. It's embarrassing for Microsoft that someone needs to use a separate, more secure device since their security is so bad.
Windows Hello offers an attestation API according to the releases I found, though because Microsoft has called at least four products "hello" now, I can't easily find the details. I don't think there's a technical reason why Google couldn't have released an app with a URL handler that uses that API except maybe for the Windows TPMs being less secure than mobile ones in general.
Attestation isn't against being able to do whatever you want with your own device. It just means that if you want other people to trust your custom device you need to get them to trust your signing key.
"strong integrity" also takes into account if a security update has been installed recently enough. I don't believe hardware integrity spoofing has been accomplished on Android yet. Software integrity and compatibility with old hardware has been used to spoof device IDs and pretend a phone doesn't have the ability to do hardware attestation.
It's technically possible to exploit a kernel and get root access on a running device, of course, but the persistent root that is used most often will be detected by hardware integrity mechanisms. Exploit based root might be as well if it makes itself detectable enough.
Well, this is how Google will kill all the scrapers on its search data.
> Fraud Defense leverages a sophisticated and adaptable risk analysis engine to shield against automated software. It is specifically designed to orchestrate trust for the agentic web, neutralizing malicious scrapers while welcoming legitimate AI agents.
I'm sure it'll block a whole bunch of awful scrapers but if Google doesn't hate a bot, it'll be able to pass.
When it comes to GrapheneOS, it's the website owners that decided to block those devices by using this service. There are other services that don't block those phones they can use instead.
Like with reCAPTCHA, there are other services and libraries out there to detect root access and other things companies want to detect in their apps.
It's technically possible to exploit a kernel and get root access on a running device, of course, but the persistent root that is used most often will be detected by hardware integrity mechanisms. Exploit based root might be as well if it makes itself detectable enough.