Google’s newest proposed web standard is… DRM? Over the weekend the Internet got wind of this proposal for a «Web Environment Integrity API. » The explainer is authored by four Googlers, including at least one person on Chrome’s «Privacy Sandbox» team, which is responding to the death of tracking cookies by building a user-tracking ad platform right into the browser.
Perhaps the most telling line of the explainer is that it «takes inspiration from existing native attestation signals such as [Apple’s] App Attest and the [Android] Play Integrity API.» Play Integrity (formerly called «SafetyNet») is an Android API that lets apps find out if your device has been rooted. Root access allows you full control over the device that you purchased, and a lot of app developers don’t like that. So if you root an Android phone and get flagged by the Android Integrity API, several types of apps will just refuse to run. You’ll generally be locked out of banking apps, Google Wallet, online games, Snapchat, and some media apps like Netflix. You could be using root access to cheat at games or phish banking data, but you could also just want root to customize your device, remove crapware, or have a viable backup system. Play Integrity doesn’t care and will lock you out of those apps either way. Google wants the same thing for the web.